Authentication IMAP Plugin description

From Open-Xchange
Revision as of 07:23, 18 January 2016 by Choeger (talk | contribs)

Open-Xchange IMAP authentication module

Introduction

The Open-Xchange IMAP authentication module is used to perform the Open-Xchange authentication against a IMAP server. During login, a IMAP connection is opened with the user credentials given through the Open-Xchange API, e.g. the GUI login mask. If that IMAP connection succeeds, the user is authenticated and finally logged in to its Open-Xchange session.

The module does replace the database authentication module installed by default.

IMAP Authentication Matrix

The IMAP authentication module has configuration parameters which do influence the username used for the IMAP connection during login. The configuration file is:

/opt/open-xchange/etc/imapauth.properties

The parameters are:

  • com.openexchange.mail.loginSource
  • USE_FULL_LOGIN_INFO
  • USE_MULTIPLE
  • USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP (starting with 7.8.1)

The following examples make the behavior of that parameters visible. The login string, passed as example to the Open-Xchange login mask, is

user@domain.tld

during the user provisioning, following attributes are set for the context via the createcontext call:

attribute value
contextname domain.tld

and the following parameters via the creatuser call:

attribute value
imaplogin user1337
username user
email exampleuser@otherdomain.tld


com.openexchange.mail.loginSource=login

Property/Property USE_FULL_LOGIN_INFO
true false
USE_MULTIPLE true user1337 user1337
false user@domain.tld user

com.openexchange.mail.loginSource=mail

Property/Property USE_FULL_LOGIN_INFO
true false
USE_MULTIPLE true exampleuser@otherdomain.tld exampleuser@otherdomain.tld
false user@domain.tld user

com.openexchange.mail.loginSource=name

Property/Property USE_FULL_LOGIN_INFO
true false
USE_MULTIPLE true user@domain.tld user
false user@domain.tld user

IMAP Authentication Extensions

Since v7.8.1 the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property gets introduced. According to the semantics of the "USE_FULL_LOGIN_INFO" property, the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property controls whether the full login string is supposed to be considered as the internal user name. If set to "true" the full login string is used to look-up the user; e.g. uses "jane@somewhere.org" instead of only "jane".

This is useful for setups, in which the full E-Mail address is used for the internal user name. Please note, that to allow provisioning of full E-Mail addresses the USER_ID check in AdminUser.properties needs to be turned off or allow the '@' character

Install on OX App Suite

Debian GNU/Linux 11.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianBullseye/ /

and run

$ apt-get update
$ apt-get install open-xchange-authentication-imap

Debian GNU/Linux 12.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianBookworm/ /

and run

$ apt-get update
$ apt-get install open-xchange-authentication-imap