Authentication IMAP Plugin description
Open-Xchange IMAP authentication module
Introduction
The Open-Xchange IMAP authentication module is used to perform the Open-Xchange authentication against a IMAP server. During login, a IMAP connection is opened with the user credentials given through the Open-Xchange API, e.g. the GUI login mask. If that IMAP connection succeeds, the user is authenticated and finally logged in to its Open-Xchange session.
The module does replace the database authentication module installed by default.
IMAP Authentication Matrix
The IMAP authentication module has configuration parameters which do influence the username used for the IMAP connection during login. The configuration file is:
/opt/open-xchange/etc/imapauth.properties
The parameters are:
- com.openexchange.mail.loginSource
- USE_FULL_LOGIN_INFO
- USE_MULTIPLE
- USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP (starting with 7.8.1)
- USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP (starting with 7.8.2)
The following examples make the behavior of that parameters visible. The login string, passed as example to the Open-Xchange login mask, is
user@domain.tld
during the user provisioning, following attributes are set for the context via the createcontext call:
attribute | value |
contextname | domain.tld |
and the following parameters via the creatuser call:
attribute | value |
imaplogin | user1337 |
username | user |
exampleuser@otherdomain.tld |
com.openexchange.mail.loginSource=login
Property/Property | USE_FULL_LOGIN_INFO | ||
---|---|---|---|
true | false | ||
USE_MULTIPLE | true | user1337 | user1337 |
false | user@domain.tld | user |
com.openexchange.mail.loginSource=mail
Property/Property | USE_FULL_LOGIN_INFO | ||
---|---|---|---|
true | false | ||
USE_MULTIPLE | true | exampleuser@otherdomain.tld | exampleuser@otherdomain.tld |
false | user@domain.tld | user |
com.openexchange.mail.loginSource=name
Property/Property | USE_FULL_LOGIN_INFO | ||
---|---|---|---|
true | false | ||
USE_MULTIPLE | true | user@domain.tld | user |
false | user@domain.tld | user |
IMAP Authentication Extensions
Since v7.8.1 the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property gets introduced. According to the semantics of the "USE_FULL_LOGIN_INFO" property, the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property controls whether the full login string is supposed to be considered as the internal user name. If set to "true" the full login string is used to look-up the user; e.g. uses "jane@somewhere.org" instead of only "jane".
This is useful for setups, in which the full E-Mail address is used for the internal user name. Please note, that to allow provisioning of full E-Mail addresses the USER_ID check in AdminUser.properties needs to be turned off or allow the '@' character. You have to add the individual E-Mail addresses which belong to a context in the loginmapping (-L for create/changecontext). You can add multiple E-Mail addresses to the loginmapping, separated by a comma.
Install on OX App Suite
Debian GNU/Linux 11.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianBullseye/ /
and run
$ apt-get update $ apt-get install open-xchange-authentication-imap
Debian GNU/Linux 12.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianBookworm/ /
and run
$ apt-get update $ apt-get install open-xchange-authentication-imap