Open-Xchange IMAP authentication module

Introduction

The Open-Xchange IMAP authentication module is used to perform the Open-Xchange authentication against a IMAP server. During login, a IMAP connection is opened with the user credentials given through the Open-Xchange API, e.g. the GUI login mask. If that IMAP connection succeeds, the user is authenticated and finally logged in to its Open-Xchange session.

The module does replace the database authentication module installed by default.

IMAP Authentication Matrix

The IMAP authentication module has configuration parameters which do influence the username used for the IMAP connection during login. The configuration file is:

/opt/open-xchange/etc/imapauth.properties

The parameters are:

  • com.openexchange.mail.loginSource
  • USE_FULL_LOGIN_INFO
  • USE_MULTIPLE
  • USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP (starting with 7.8.1)
  • USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP (starting with 7.8.2)

The following examples make the behavior of that parameters visible. The login string, passed as example to the Open-Xchange login mask, is

user@domain.tld

during the user provisioning, following attributes are set for the context via the createcontext call:

attribute value
contextname domain.tld

and the following parameters via the creatuser call:

attribute value
imaplogin user1337
username user
email exampleuser@otherdomain.tld


com.openexchange.mail.loginSource=login

Property/Property USE_FULL_LOGIN_INFO
true false
USE_MULTIPLE true user1337 user1337
false user@domain.tld user

com.openexchange.mail.loginSource=mail

Property/Property USE_FULL_LOGIN_INFO
true false
USE_MULTIPLE true exampleuser@otherdomain.tld exampleuser@otherdomain.tld
false user@domain.tld user

com.openexchange.mail.loginSource=name

Property/Property USE_FULL_LOGIN_INFO
true false
USE_MULTIPLE true user@domain.tld user
false user@domain.tld user

IMAP Authentication Extensions

Since v7.8.1 the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property gets introduced. According to the semantics of the "USE_FULL_LOGIN_INFO" property, the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property controls whether the full login string is supposed to be considered as the internal user name. If set to "true" the full login string is used to look-up the user; e.g. uses "jane@somewhere.org" instead of only "jane".

This is useful for setups, in which the full E-Mail address is used for the internal user name. Please note, that to allow provisioning of full E-Mail addresses the USER_ID check in AdminUser.properties needs to be turned off or allow the '@' character

Installation on OX App Suite

Debian GNU/Linux 7.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianWheezy/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianWheezy/ /

and run

$ apt-get update
$ apt-get install open-xchange-authentication-imap

Debian GNU/Linux 8.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianJessie/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianJessie/ /

and run

$ apt-get update
$ apt-get install open-xchange-authentication-imap

SUSE Linux Enterprise Server 11

Add the package repository using zypper if not already present:

$ zypper ar https://software.open-xchange.com/products/appsuite/stable/backend/SLES11 ox

If you have a valid maintenance subscription, please run the following command and add the ldb account data to the url so that the most recent packages get installed:

$ zypper ar https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/SLES11 ox-updates

and run

$ zypper ref
$ zypper in open-xchange-authentication-imap

SUSE Linux Enterprise Server 12

Add the package repository using zypper if not already present:

$ zypper ar https://software.open-xchange.com/products/appsuite/stable/backend/SLE_12 ox

If you have a valid maintenance subscription, please run the following command and add the ldb account data to the url so that the most recent packages get installed:

$ zypper ar https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/SLES11 ox-updates

and run

$ zypper ref
$ zypper in open-xchange-authentication-imap

RedHat Enterprise Linux 6

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL6/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL6/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap

RedHat Enterprise Linux 7

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL7/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap

CentOS 6

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL6/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL6/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap

CentOS 7

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL7/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap