[Kolab-devel] [issue4161] DIMP not selectable in kolab-webclient login with auth driver kolab

Arvid Requate requate at univention.de
Fri Feb 26 21:45:31 CET 2010 

Dear Gunnar,

> hope it is okay if I'm moving this to the mailing list...

sure, thanks for the hint, after a bit of debugging I think I found the 
problem. There still were two imap login made with 'user' instead 
of 'uniquser'. A patch is attached to https://issues.kolab.org/issue4174

> So if that one does not work for you then I'd like to know what you  
> get when you debug through the line
> 
> $_SESSION['imp']['uniquser'] = $session->user_mail;

See details below. 

Thanks and best regards,
Arvid

IMP/DIMP login:
=========

Problem A) 
The call to
$imp_imap = &IMP_IMAP::singleton($_SESSION['imp']['user'], 
$credentials['password']);
fails in /usr/share/horde3/imp/lib/Auth/imp.php line 168, called by
/usr/share/horde3/lib/Horde/Auth.php(158): 
Auth_imp->_authenticate('user1 at univentio...', Array)
with
userID: 'user1 at univention.qa' , user: 'uid1', uniquser: 'user1 at univention.qa'

With the patch: 
$imp_imap = &IMP_IMAP::singleton($_SESSION['imp']['uniquser'], 
$credentials['password']);
the login succeeds. The full Call Stack at this point is as follows:
Dec 17 23:29:04 HORDE [error] [imp] DEBUG: Callstack:
#0 /usr/share/horde3/lib/Horde/Auth.php(158): 
Auth_imp->_authenticate('user1 at univentio...', Array)
#1 /usr/share/horde3/imp/lib/Auth/imp.php(97): 
Auth->authenticate('user1 at univentio...', Array, true)
#2 /usr/share/horde3/imp/lib/Session.php(212): 
Auth_imp->authenticate('user1 at univentio...', Array, true)
#3 /usr/share/horde3/imp/redirect.php(203): 
IMP_Session::createSession('uid1', 'univention', 'qamaster.univen...', Array)
#4 {main} [pid 23800 on line 139 of "/usr/share/horde3/imp/lib/Auth/imp.php"]

After that, six additional calls to this &IMP_IMAP::singleton are made with
 userID: '' , user: 'uid1', uniquser: 'user1 at univention.qa'
and with the patch the succeed as well. Call Stacks of the six attempts are 
given below.


Problem B)
In servers.php $_SESSION['imp']['uniquser'] is set to user1 at univention.qa all 
right, but this is irrelevant, I can comment it out without a change of 
behaviour. This is because in Line 114 
of /usr/share/horde3/imp/lib/Session.php ("Determine the unique user name.") 
the user is not Auth::isAuthenticated and the else branch is followed, 
setting
$_SESSION['imp']['uniquser'] back to $_SESSION['imp']['user']
as realm ist empty.

Now, the IMP::getAutoLoginServer call in line 161 somehow sets 
$_SESSION['imp']['uniquser'] back to the mailadress user1 at univention.qa, the 
show can go on :-)

The $auth_imp->authenticate($_SESSION['imp']['uniquser'] on line 212 succeeds, 

BUT

the $res = $imapclient->login($_SESSION['imp']['user'], $password); on line 
278 fails (calling Auth_imp::IMPsetAuthErrorMsg).

After replacing this call by
$res = $imapclient->login($_SESSION['imp']['uniquser'], $password);
the login by uid finally succeeds.

-- 
**** Besuchen Sie uns auf der CeBIT in Hannover 
vom 02.-06.03.2010 in Halle 2, Stand B 36 ****

Arvid Requate
Open Source Software Engineer

Univention GmbH
Linux for your business
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax : +49 421 22232-99

requate at univention.de
http://www.univention.de

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876

More information about the devel mailing list