Difference between revisions of "Authentication IMAP Plugin description"

 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= Open-Xchange imap authentication module =
+
= Open-Xchange IMAP authentication module =
  
 
== Introduction ==
 
== Introduction ==
The Open-Xchange imap authentication module is used to perform the Open-Xchange authentication against a IMAP server. During log in, a imap connection is opened with the users credentials given through the Open-Xchange login mask. If that IMAP connect succeeds, the users is authenticated and finally logged in to Open-Xchange.
+
The Open-Xchange IMAP authentication module is used to perform the Open-Xchange authentication against a IMAP server. During login, a IMAP connection is opened with the user credentials given through the Open-Xchange API, e.g. the GUI login mask. If that IMAP connection succeeds, the user is authenticated and finally logged in to its Open-Xchange session.
  
 
The module does replace the database authentication module installed by default.
 
The module does replace the database authentication module installed by default.
  
=== Imap Authentication Matrix ===
+
=== IMAP Authentication Matrix ===
  
The IMAP authentication module offers some main properties which influence the string which is used for authentication against an IMAP server:
+
The IMAP authentication module has configuration parameters which do influence the username used for the IMAP connection during login.  The configuration file is:
  
com.openexchange.mail.loginSource<br/>
+
/opt/open-xchange/etc/imapauth.properties
USE_FULL_LOGIN_INFO<br/>
+
 
USE_MULTIPLE<br/>
+
The parameters are:
 +
 
 +
* com.openexchange.mail.loginSource
 +
* USE_FULL_LOGIN_INFO
 +
* USE_MULTIPLE
 +
* USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP (starting with 7.8.1)
 +
* USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP (starting with 7.8.2)
 +
 
 +
The following examples make the behavior of that parameters visible. The login string, passed as example to the Open-Xchange login mask, is
 +
 
 +
user@domain.tld
 +
 
 +
during the user provisioning, following attributes are set for the context via the createcontext call:
 +
 
 +
{|
 +
| attribute
 +
| value
 +
|-
 +
| contextname
 +
| domain.tld
 +
|}
 +
 
 +
and the following parameters via the creatuser call:
 +
 
 +
{|
 +
| attribute
 +
| value
 +
|-
 +
| imaplogin
 +
| user1337
 +
|-
 +
| username
 +
| user
 +
|-
 +
| email
 +
| exampleuser@otherdomain.tld
 +
|}
  
The following will show how they influence the results. In this example we have a user who types max.muster@firma.de to the login form,
 
his imaplogin at the database is "maxdb", his email address at the database is mm@1337.to
 
  
 
com.openexchange.mail.loginSource=login<br />
 
com.openexchange.mail.loginSource=login<br />
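Review bot: "creatuser" in the added sentence "and the following parameters via the creatuser call:" is a typo for "createuser"; spell it out the same way as "createcontext" a few lines earlier. The rewritten introduction also still reads "a IMAP server" and "a IMAP connection", which should be "an IMAP". The parameter list now names USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP and USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP, but the matrix that follows varies only com.openexchange.mail.loginSource, USE_FULL_LOGIN_INFO and USE_MULTIPLE, so state next to each new list entry what it controls or where it is described.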
Line 29: Line 63:
 
!rowspan="2" | '''USE_MULTIPLE'''  
 
!rowspan="2" | '''USE_MULTIPLE'''  
 
! '''true'''  
 
! '''true'''  
| maxdb
+
| user1337
| maxdb
+
| user1337
 
|-
 
|-
 
! | '''false'''  
 
! | '''false'''  
| max.muster@firma.de
+
| user@domain.tld
| max.muster
+
| user
 
|}
 
|}
  
Line 49: Line 83:
 
!rowspan="2" | '''USE_MULTIPLE'''  
 
!rowspan="2" | '''USE_MULTIPLE'''  
 
! '''true'''  
 
! '''true'''  
| mm@1337.to
+
| exampleuser@otherdomain.tld
| mm@1337.to
+
| exampleuser@otherdomain.tld
 
|-
 
|-
 
! | '''false'''  
 
! | '''false'''  
| max.muster@firma.de
+
| user@domain.tld
| max.muster
+
| user
 
|}
 
|}
  
Line 69: Line 103:
 
!rowspan="2" | '''USE_MULTIPLE'''  
 
!rowspan="2" | '''USE_MULTIPLE'''  
 
! '''true'''  
 
! '''true'''  
| max.muster@firma.de
+
| user@domain.tld
| max.muster
+
| user
 
|-
 
|-
 
! | '''false'''  
 
! | '''false'''  
| max.muster@firma.de
+
| user@domain.tld
| max.muster
+
| user
 
|}
 
|}
  
{{InstallPlugin|pluginname=open-xchange-authentication-imap|sopath=stable}}
+
=== IMAP Authentication Extensions ===
 +
Since v7.8.1 the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property gets introduced. According to the semantics of the "USE_FULL_LOGIN_INFO" property, the "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property controls whether the full login string is supposed to be considered as the internal user name. If set to "true" the full login string is used to look-up the user; e.g. uses "jane@somewhere.org" instead of only "jane".
 +
 
 +
This is useful for setups, in which the full E-Mail address is used for the internal user name. Please note, that to allow provisioning of full E-Mail addresses the USER_ID check in AdminUser.properties needs to be turned off or allow the '@' character. You have to add the individual E-Mail addresses which belong to a context in the loginmapping (-L for create/changecontext). You can add multiple E-Mail addresses to the loginmapping, separated by a comma.
 +
 
 +
 
 +
{{InstallPlugin|pluginname=open-xchange-authentication-imap|toplevel=products|sopath=appsuite/stable/backend|version=App Suite}}
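Review bot: the new "IMAP Authentication Extensions" section documents only USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP, while USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP, which this revision adds to the parameter list as "starting with 7.8.2", gets no description; add a paragraph for it or drop it from the list until it is documented. The sentence about "the USER_ID check in AdminUser.properties" does not name the property to change, so an administrator cannot act on it without searching the file; name the key. "Since v7.8.1 the ... property gets introduced" would read better as "was introduced in v7.8.1".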

Latest revision as of 07:12, 26 January 2017

Open-Xchange IMAP authentication module

Introduction

The Open-Xchange IMAP authentication module is used to perform the Open-Xchange authentication against an IMAP server. During login, an IMAP connection is opened with the user credentials given through the Open-Xchange API, e.g. the GUI login mask. If that IMAP connection succeeds, the user is authenticated and logged in to their Open-Xchange session.

The module replaces the database authentication module that is installed by default.

IMAP Authentication Matrix

The IMAP authentication module has configuration parameters that influence the username used for the IMAP connection during login. The configuration file is:

/opt/open-xchange/etc/imapauth.properties

The parameters are:

  • com.openexchange.mail.loginSource
  • USE_FULL_LOGIN_INFO
  • USE_MULTIPLE
  • USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP (starting with 7.8.1)
  • USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP (starting with 7.8.2)

The following examples show the behavior of these parameters. The example login string passed to the Open-Xchange login mask is

user@domain.tld

During user provisioning, the following attributes are set for the context via the createcontext call:

attribute   | value
contextname | domain.tld

and the following parameters are set via the createuser call:

attribute | value
imaplogin | user1337
username  | user
email     | exampleuser@otherdomain.tld


com.openexchange.mail.loginSource=login

USE_MULTIPLE | USE_FULL_LOGIN_INFO=true | USE_FULL_LOGIN_INFO=false
true         | user1337                 | user1337
false        | user@domain.tld          | user

com.openexchange.mail.loginSource=mail

USE_MULTIPLE | USE_FULL_LOGIN_INFO=true    | USE_FULL_LOGIN_INFO=false
true         | exampleuser@otherdomain.tld | exampleuser@otherdomain.tld
false        | user@domain.tld             | user

com.openexchange.mail.loginSource=name

USE_MULTIPLE | USE_FULL_LOGIN_INFO=true | USE_FULL_LOGIN_INFO=false
true         | user@domain.tld          | user
false        | user@domain.tld          | user
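
The matrix above as a small Python model (an added example, not code from Open-Xchange or from the original page): it derives the username sent to the IMAP server from the three settings and reproduces all twelve table cells, which makes it easy to check which identity a given configuration actually authenticates. The function names, the properties parsing and the split at the last '@' are assumptions made for illustration.

```python
# Added example: a model of the matrix on this page, not Open-Xchange code.
SAMPLE_USER = {  # provisioning values from the page's createuser example
    "imaplogin": "user1337",
    "username": "user",
    "email": "exampleuser@otherdomain.tld",
}

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def effective_imap_login(props, typed_login, user):
    """Return the username the matrix says is sent to the IMAP server."""
    source = props["com.openexchange.mail.loginSource"]
    if source not in ("login", "mail", "name"):
        raise ValueError(f"loginSource not covered by the matrix: {source!r}")
    multiple = props["USE_MULTIPLE"].lower() == "true"
    full = props["USE_FULL_LOGIN_INFO"].lower() == "true"
    if multiple and source != "name":
        # A provisioned attribute is sent, not what the user typed.
        return user["imaplogin"] if source == "login" else user["email"]
    if full:
        return typed_login
    # Assumption: the short form is everything before the last '@'.
    return typed_login.rpartition("@")[0] or typed_login

def login_matrix(typed_login, user):
    """Evaluate all twelve documented combinations for one login string."""
    cells = {}
    for source in ("login", "mail", "name"):
        for multiple in ("true", "false"):
            for full in ("true", "false"):
                text = (f"com.openexchange.mail.loginSource={source}\n"
                        f"USE_MULTIPLE={multiple}\nUSE_FULL_LOGIN_INFO={full}\n")
                cells[(source, multiple, full)] = effective_imap_login(
                    parse_properties(text), typed_login, user)
    return cells

if __name__ == "__main__":
    for combo, login in login_matrix("user@domain.tld", SAMPLE_USER).items():
        print(*combo, "->", login)
```
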

IMAP Authentication Extensions

The "USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP" property was introduced in v7.8.1. Following the semantics of the "USE_FULL_LOGIN_INFO" property, it controls whether the full login string is treated as the internal user name. If set to "true", the full login string is used to look up the user, e.g. "jane@somewhere.org" instead of only "jane".

This is useful for setups in which the full e-mail address is used as the internal user name. Note that, to allow provisioning of full e-mail addresses, the USER_ID check in AdminUser.properties needs to be turned off or changed to allow the '@' character. You have to add the individual e-mail addresses that belong to a context to the loginmapping (-L for create/changecontext). Multiple e-mail addresses can be added to the loginmapping, separated by commas.


Install on OX App Suite

Debian GNU/Linux 8.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianJessie/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianJessie/ /

and run

$ apt-get update
$ apt-get install open-xchange-authentication-imap

Debian GNU/Linux 9.0

Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:

deb https://software.open-xchange.com/products/appsuite/stable/backend/DebianStretch/ /
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/DebianStretch/ /

and run

$ apt-get update
$ apt-get install open-xchange-authentication-imap

SUSE Linux Enterprise Server 12

Add the package repository using zypper if not already present:

$ zypper ar https://software.open-xchange.com/products/appsuite/stable/backend/SLE_12 ox

If you have a valid maintenance subscription, please run the following command and add the ldb account data to the url so that the most recent packages get installed:

$ zypper ar https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/SLES11 ox-updates

and run

$ zypper ref
$ zypper in open-xchange-authentication-imap

RedHat Enterprise Linux 6

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL6/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL6/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap

RedHat Enterprise Linux 7

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL7/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap

CentOS 6

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL6/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL6/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap

CentOS 7

Start a console and create a software repository file if not already present:

$ vim /etc/yum.repos.d/ox.repo

[ox]
name=Open-Xchange
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the 
# following and add the ldb account data to the url so that the most recent
# packages get installed
# [ox-updates]
# name=Open-Xchange Updates
# baseurl=https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL7/
# gpgkey=https://software.open-xchange.com/oxbuildkey.pub
# enabled=1
# gpgcheck=1
# metadata_expire=0m

and run

$ yum update
$ yum install open-xchange-authentication-imap