Programmierus / ldap-mailcow

LDAP account synchronization and authentication for mailcow-dockerized

Login in WebUI not working #5

Closed Keridos closed 4 years ago

Keridos commented 4 years ago

It seems this does not enable you to login via the web console, does it?

I made a custom change (I already had users) and just used the config files. I can log in to IMAP/SMTP and SOGo fine via LDAP, but the web interface of mailcow seems to still authenticate against something else. What reason could there be for that?

Programmierus commented 4 years ago

Ouch... Good question. I don't need that, since I do not allow my users to log in to the mailcow web console... I guess it might need custom code within mailcow...

Keridos commented 4 years ago

A workaround might be something a bit more hacky: just replace the password hashes in the SQL database.

Programmierus commented 4 years ago

Yeah, but this is not that clean, and I am not sure mailcow supports hashes that are provided through LDAP.

Keridos commented 4 years ago

My server uses SSHA, which should be supported. The code for the authorization of the web interface is here, btw: https://github.com/mailcow/mailcow-dockerized/blob/48b74d77a0c39bcb3399ce6603e1ad424f01fc3e/data/web/inc/functions.inc.php#L508

Programmierus commented 4 years ago

Yes, well, but others do not provide SSHA (e.g. AD)... Yes, this looks like the correct part where LDAP authentication should go in. Now we have to find somebody who has time to implement it and then submit a PR to André :)

Programmierus commented 4 years ago

I have made a dirty hack, assuming Dovecot already has an LDAP integration... You may try adding the following above this line:

    // Delegate the password check to Dovecot over IMAPS. Dovecot is already
    // configured to authenticate against LDAP, so a successful IMAP login
    // means the credentials are valid. "novalidate-cert" skips TLS certificate
    // verification and is only acceptable on the internal docker network.
    $mbox = imap_open("{dovecot:993/imap/ssl/novalidate-cert}INBOX", $user, $pass);
    if ($mbox !== false) {
        imap_close($mbox);
        // Same role string the surrounding function returns for a mailbox user.
        return "user";
    }

Now I have to ask @andryyy what he thinks about it :)
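A hardened variant of the IMAP passthrough check, written here as an added example rather than code from this issue, from ldap-mailcow or from mailcow: it keeps TLS certificate validation on, rejects empty or malformed credentials before they reach the IMAP LOGIN command, makes a single login attempt and drains the ext/imap error stack so a failed login does not surface as PHP notices. The function name, the `dovecot`/`993` defaults and the requirement that the username be a plain e-mail address are assumptions for the illustration.

```php
<?php
// Added example, not mailcow's or ldap-mailcow's code. Hardened form of the
// "dirty hack" above: same idea (let Dovecot, which talks to LDAP, decide),
// but with certificate validation, input checks and quiet error handling.
// Function name, host and port defaults are assumptions.

/**
 * Verify $user/$pass by logging in to Dovecot over IMAPS.
 * Returns true only on a successful IMAP LOGIN; never throws or emits notices.
 */
function dovecot_imap_auth(string $user, string $pass, string $host = 'dovecot', int $port = 993): bool
{
    // Refuse empty or malformed input before touching the network: an empty
    // password must never be sent, and CR, LF or NUL in either field could
    // alter the IMAP command that ext/imap builds from them.
    if ($user === '' || $pass === '' || preg_match('/[\r\n\0]/', $user . $pass)) {
        return false;
    }

    // Assumption: mailbox logins are full user@domain addresses, as in mailcow.
    if (filter_var($user, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // "validate-cert" makes the client reject a self-signed or forged
    // certificate; the snippet above used "novalidate-cert" instead.
    $mailbox = sprintf('{%s:%d/imap/ssl/validate-cert}INBOX', $host, $port);

    // Exactly one login attempt (retries = 1): a wrong password should fail
    // fast rather than be retried against Dovecot.
    $mbox = @imap_open($mailbox, $user, $pass, 0, 1);

    // Drain the ext/imap error and alert stacks so a failed login does not
    // produce PHP notices at script shutdown.
    imap_errors();
    imap_alerts();

    if ($mbox === false) {
        return false;
    }
    imap_close($mbox);
    return true;
}

// Usage at the point in functions.inc.php referenced above (illustrative):
//   if (dovecot_imap_auth($user, $pass)) { return "user"; }
```

The caller still decides what role to return; the function only answers "did Dovecot accept this password", which is the single fact the LDAP passthrough needs.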

osnet commented 4 years ago

Nice one.... WebUI login OK, EAS OK. Interesting point: it seems logging in via LDAP to EAS might need a permission configuration. Old stuff cannot be seen; new stuff is seen on both local and LDAP clients.