Announcement

Collapse
No announcement yet.

imap authentication

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • imap authentication

    Hi,
    I'm having a little trouble setting up imap authentication.

    I'm planning to replace a horde based system with ox and need a simple way of registering all my existing users with ox.

    I thought that using the imap-auth plugin in place of db-auth would do this for me, but it is not behaving as I would expect.

    If I create a user in ox that matches an existing valid imap account and use a dummy password, the user can login but has no access to email I (icon greyed out). If I create an ox account in the same way but use the genuine imap password, email is functional.

    I clearly don't understand how this is supposed to work. Since I do not know user passwords it is not possible for me create the ox accounts en masse. It does seem a little strange that if the ox server is authenticating via imap that it tehn fails to access the imap mailboxes (possibly because it is using the dummy password?).

    To be honest, I hoped that it may be possible for users accounts to be automatically created if authentication is sucessful - other webmail systems do this.

    Anyone else sing imap auth successfully?
    Did you do it by importing exiting users details?
    Is there a config change that i need to make apart from specifying my imap server in /opt/open-xchange/etc/groupware/imapauth.properties ?
    Are there a special flags I need for
    /opt/open-xchange/sbin/createuser ?

    There is some talk about it at
    http://www.open-xchange.com/forum/showthread.php?t=3015 - but my German is 0 and Babel translation is vague.

    I really like the look of OX and would like to use it in place of the alternatives. If user management is going to be a pain, I'm not sure this is the way for me to go, so any help would be very much appreciated.

    Cheers.

  • #2
    Hi,

    the discussion at the mentioned thread is about the fact that you need to enter an passwort at the command line tools even if auth is done against IMAP, the cause for this is simple: if you change the authentication back from imap to database, users won't have any or have all the same passwords which is a serious security issue. Setting a password at the database, even if imap-auth is used solves this potential problem.

    To solve the problem, please take a look at etc/groupware/imapauth.properties to match your environment.

    Comment


    • #3
      Hi,
      Thanks for explaining this. I see that an account needs to exist in Ox but my understanding of which password is used to do what is still not clear.

      The imap password is definitely being used to allow access to OX, but another password (or the same password in a different format) seems to be submitted to establish access to imap mailboxes after initial login.

      My imapauth.properties is pretty simple. My settings are

      IMAP_SERVER=a.server.of.mine
      IMAP_PORT=993
      IMAP_USE_SECURE=True
      (secure and non-secure modes behave the same port 143 and secure mode false is no different)
      IMAP_TIMEOUT=5000
      IMAP_CONNECTIONTIMEOUT=5000
      USE_FULL_LOGIN_INFO=false
      (so only username is submitted!?)
      USE_MULTIPLE=false

      Is there something else I need to modify so that the initial OX login password (imap-auth plugin) is also used by the email application?

      Or, if there are any (English) docs out the on imap-auth plugin that explains how it works....

      Thanks again.

      John

      Comment


      • #4
        password problems with imap authentification

        Hey I'm new here on the board and I have a problem with the imap authentification, too.

        The authentification on its own is working fine and there are no problems. It works! But from the user password are only the first eight letters requested or analysed for the authentification. After this eight letters you can write what you wand and you get access. Is that a general bug in the current software-setup or a mistake by my side?

        I use:
        GUI Version: 6.8.1-6811
        Server Version: 6.8.1-6811

        Thanks for your help.
        n-kerpen

        Comment


        • #5
          Originally posted by n-kerpen View Post
          Hey I'm new here on the board and I have a problem with the imap authentification, too.

          The authentification on its own is working fine and there are no problems. It works! But from the user password are only the first eight letters requested or analysed for the authentification. After this eight letters you can write what you wand and you get access. Is that a general bug in the current software-setup or a mistake by my side?

          I use:
          GUI Version: 6.8.1-6811
          Server Version: 6.8.1-6811

          Thanks for your help.
          n-kerpen
          I guess your underlying imap server uses crypt as authentication mechanism. This mechanism is limited to a 8 byte block cipher.

          Comment


          • #6
            Originally posted by seany_mor View Post
            Hi,
            Thanks for explaining this. I see that an account needs to exist in Ox but my understanding of which password is used to do what is still not clear.

            The imap password is definitely being used to allow access to OX, but another password (or the same password in a different format) seems to be submitted to establish access to imap mailboxes after initial login.

            My imapauth.properties is pretty simple. My settings are

            IMAP_SERVER=a.server.of.mine
            IMAP_PORT=993
            IMAP_USE_SECURE=True
            (secure and non-secure modes behave the same port 143 and secure mode false is no different)
            IMAP_TIMEOUT=5000
            IMAP_CONNECTIONTIMEOUT=5000
            USE_FULL_LOGIN_INFO=false
            (so only username is submitted!?)
            USE_MULTIPLE=false

            Is there something else I need to modify so that the initial OX login password (imap-auth plugin) is also used by the email application?

            Or, if there are any (English) docs out the on imap-auth plugin that explains how it works....

            Thanks again.

            John
            You need to do two things:
            1. configure the imapauth plugin
            2. configure ox


            the latter needs a single change as documented here:



            [...]

            in /opt/open-xchange/etc/groupware/mail.properties set
            com.openexchange.mail.loginSource=name

            [...]

            Comment

            Working...
            X