[Kolab-devel] [issue4161] DIMP not selectable in kolab-webclient login with auth driver kolab

Gunnar Wrobel wrobel at pardus.de
Sat Feb 27 21:43:52 CET 2010 

Quoting Arvid Requate <requate at univention.de>:

> Dear Gunnar,
>
>> hope it is okay if I'm moving this to the mailing list...
>
> sure, thanks for the hint, after a bit of debugging I think I found the
> problem. There still were two imap login made with 'user' instead
> of 'uniquser'.

I did not look at the code now nor did I debug the code yet. I'm  
certainly willing to do that but I do not understand the problem yet.  
 From your report I assume that the login on your server works via  
mail address but it fails if you try via UID. Is that correct?

If that is the case then this is something that I can currently not  
reproduce on a standard Kolab OpenPKG server.  
https://issues.kolab.org/issue3309 has been closed as resolved and UID  
login was explicitly tested. And I'm absolutely certain it works on  
the current release. My standard test user is usually named  
"1 at example.com" with UID "1". And I always login with this UID "1" as  
it is conveniently short.

If my assumption is correct and you fail to login via UID then  
something must be different on your server.

> A patch is attached to https://issues.kolab.org/issue4174
>
>> So if that one does not work for you then I'd like to know what you
>> get when you debug through the line
>>
>> $_SESSION['imp']['uniquser'] = $session->user_mail;
>
> See details below.
>
> Thanks and best regards,
> Arvid
>
> IMP/DIMP login:
> =========
>
> Problem A)
> The call to
> $imp_imap = &IMP_IMAP::singleton($_SESSION['imp']['user'],
> $credentials['password']);
> fails in /usr/share/horde3/imp/lib/Auth/imp.php line 168, called by
> /usr/share/horde3/lib/Horde/Auth.php(158):
> Auth_imp->_authenticate('user1 at univentio...', Array)
> with
> userID: 'user1 at univention.qa' , user: 'uid1', uniquser: 'user1 at univention.qa'
>
> With the patch:
> $imp_imap = &IMP_IMAP::singleton($_SESSION['imp']['uniquser'],
> $credentials['password']);
> the login succeeds. The full Call Stack at this point is as follows:
> Dec 17 23:29:04 HORDE [error] [imp] DEBUG: Callstack:
> #0 /usr/share/horde3/lib/Horde/Auth.php(158):
> Auth_imp->_authenticate('user1 at univentio...', Array)
> #1 /usr/share/horde3/imp/lib/Auth/imp.php(97):
> Auth->authenticate('user1 at univentio...', Array, true)
> #2 /usr/share/horde3/imp/lib/Session.php(212):
> Auth_imp->authenticate('user1 at univentio...', Array, true)
> #3 /usr/share/horde3/imp/redirect.php(203):
> IMP_Session::createSession('uid1', 'univention', 'qamaster.univen...', Array)
> #4 {main} [pid 23800 on line 139 of "/usr/share/horde3/imp/lib/Auth/imp.php"]
>
> After that, six additional calls to this &IMP_IMAP::singleton are made with
>  userID: '' , user: 'uid1', uniquser: 'user1 at univention.qa'
> and with the patch the succeed as well. Call Stacks of the six attempts are
> given below.
>
>
> Problem B)
> In servers.php $_SESSION['imp']['uniquser'] is set to user1 at univention.qa all
> right, but this is irrelevant, I can comment it out without a change of
> behaviour. This is because in Line 114
> of /usr/share/horde3/imp/lib/Session.php ("Determine the unique user name.")
> the user is not Auth::isAuthenticated and the else branch is followed,
> setting
> $_SESSION['imp']['uniquser'] back to $_SESSION['imp']['user']
> as realm ist empty.
>
> Now, the IMP::getAutoLoginServer call in line 161 somehow sets
> $_SESSION['imp']['uniquser'] back to the mailadress user1 at univention.qa, the
> show can go on :-)
>
> The $auth_imp->authenticate($_SESSION['imp']['uniquser'] on line 212  
> succeeds,
>
> BUT
>
> the $res = $imapclient->login($_SESSION['imp']['user'], $password); on line
> 278 fails (calling Auth_imp::IMPsetAuthErrorMsg).
>
> After replacing this call by
> $res = $imapclient->login($_SESSION['imp']['uniquser'], $password);
> the login by uid finally succeeds.
>

I'm not certain I follow your steps here. But am I correct if I assume  
that your patch is about always using the "uniquser" value as that  
contains the mail address rather than the UID? And that login fails if  
the code tries to use the UID?

It may well be that this also happens on the OpenPKG server. The  
difference would be: A login via UID on the Imapd server succeeds. It  
has to succeed as you won't be able to use UID login with an external  
client on your IMAP server.

Can you give me some additional hints?

Cheers,

Gunnar

> --
> **** Besuchen Sie uns auf der CeBIT in Hannover
> vom 02.-06.03.2010 in Halle 2, Stand B 36 ****
>
> Arvid Requate
> Open Source Software Engineer
>
> Univention GmbH
> Linux for your business
> Mary-Somerville-Str.1
> 28359 Bremen
> Tel. : +49 421 22232-0
> Fax : +49 421 22232-99
>
> requate at univention.de
> http://www.univention.de
>
> Geschäftsführer: Peter H. Ganten
> HRB 20755 Amtsgericht Bremen
> Steuer-Nr.: 71-597-02876
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.kolab.org/pipermail/devel/attachments/20100227/ade9ff2a/attachment.sig>

More information about the devel mailing list