bennet0496 / nextcloud_attachments

Upload large attachments to Nextcloud and automatically create share link
MIT License

problem with a large number of users who do not have an account in nextcloud #1

Closed Sanmen87 closed 5 months ago

Sanmen87 commented 5 months ago

We have a roundcube mail server for 500+ people (teachers and students), only some of the people have an account on the nextcloud server. Your plugin constantly sends an authentication request to the nextcloud server for all users, which in our case freezes the webdav authentication. Have you ever thought about adding manual authentication to your plugin by pressing a button or sending a request to nextcloud only when credentials are specified in the settings? Your plugin works great on my home server with a small number of users. But at my work at the institute it is not applicable in the situation described above. =( Also, your plugin is currently the only relevant solution. I will eagerly watch the development of your project.

bennet0496 commented 5 months ago

Nice to know, that someone is actually using the plugin :)

Do I understand it correctly that the plugin is sending too many login requests, locking out the webmail server with fail2ban or smth due to failed attempts?

If this is the case I would guess the problem is that technically on almost every page load the plugin is checking whether it has a valid login for the account. I see why this might be problematic... Tbh, at work I only had the plugin as a demo installation on a second instance and never looked at what is actually happening on the Nextcloud side, so I never realized this might be a problem.

I will work out a solution tonight or this weekend

Sanmen87 commented 5 months ago

Nice to know, that someone is actually using the plugin :)

Do I understand it correctly that the plugin is sending too many login requests, locking out the webmail server with fail2ban or smth due to failed attempts?

If this is the case I would guess the problem is that technically on almost every page load the plugin is checking whether it has a valid login for the account. I see why this might be problematic... Tbh, at work I only had the plugin as a demo installation on a second instance and never looked at what is actually happening on the Nextcloud side, so I never realized this might be a problem.

I will work out a solution tonight or this weekend

Yes, due to the large number of users who do not have an account on the cloud, the nextcloud server gets a webdav error: "TooManyRequests".

At the moment, your plugin is the only current solution for adding “large” files through the roundcube interface without first uploading the files to the cloud. I think this plugin has strong commercial potential. =))

bennet0496 commented 5 months ago

After speaking with a colleague of mine, we figured that an interim solution would be to add the IP address of your Roundcube instance to the Brute-force IP whitelist in Nextcloud. If you are logged in as admin, in Settings and under Security:


However, as I said, I will have a look at limiting WebDAV requests to only what is necessary.

But one further question, with "large number of users who do not have an account on the cloud" do you mean lots of users have access to Nextcloud disabled via a group or something, or are the Email and Nextcloud accounts technically independent? Because the plugin is/was originally meant for environments where Email and Nextcloud accounts are the same, because both get the account from an LDAP or AD.

And it might have commercial potential, and someone can do it if they want to. It's an MIT License after all. But as software development is more of a side gig I do for myself, I'm not that interested in commercializing it :)

Sanmen87 commented 5 months ago

With us, everything is complicated with authentication. =) On both servers there are two types of authentication: LDAP for domain users, and by login and password for external users (they are a minority). Also, there are only about 50 users out of 500 on the nextcloud server (limited by access group). There are also external users on the cloud. Today I’ll try to add a mail server to the nextcloud whitelist and add addresses that need to be excluded from access to the cloud to the plugin config.

bennet0496 commented 5 months ago

I changed the behavior to cache the login result on error, and added an option (nextcloud_attachment_dont_try_mail_password) to prevent the plugin from trying the mail password at all and in any case ask the user to login first (if not done yet).

But I will have to do some more testing to see whether it is stable.

And I'm also working on options to more efficiently exclude users that should not use the plugin, by abusing address books as group mappings. But this will need a bit more work as well.

There should hopefully be a stable version by Monday.
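For readers wondering what "cache the login result on error" means in practice, here is an added illustration (not the plugin's own code) of a per-session negative cache: the WebDAV login probe runs at most once per session, is skipped entirely when the option from this thread is set, and backs off longer when Nextcloud's brute-force protection answers with HTTP 429 (the "TooManyRequests" error reported above). The session array, option name handling and the backoff constant are assumptions for the example.

```php
<?php
// Added example, not code from the nextcloud_attachments plugin.
// Backoff after a failed probe, in seconds (assumed value).
const NC_PROBE_RETRY_AFTER = 3600;

/**
 * Decide whether this page load may contact Nextcloud at all.
 * $session is a $_SESSION-like array; $cfg holds the plugin options.
 */
function nextcloud_should_probe(array &$session, array $cfg, int $now): bool
{
    // Option named in the thread: never try the mail password, wait for
    // an explicit login by the user instead.
    if (!empty($cfg['nextcloud_attachment_dont_try_mail_password'])) {
        return false;
    }
    $probe = $session['nextcloud_login_probe'] ?? null;
    if ($probe === null) {
        return true;            // never tried in this session
    }
    if ($probe['ok']) {
        return false;           // valid login already known, nothing to do
    }
    // Negative cache: a failed/throttled answer is trusted until 'until'.
    return $now >= $probe['until'];
}

/**
 * Record the outcome of one probe. $status is the HTTP status Nextcloud
 * returned: 2xx = success, 401 = bad credentials, 429 = brute-force throttle.
 */
function nextcloud_record_probe(array &$session, int $status, int $now): void
{
    if ($status >= 200 && $status < 300) {
        $session['nextcloud_login_probe'] = ['ok' => true, 'until' => 0];
        return;
    }
    // Back off twice as long when throttled as on a plain auth failure,
    // so the client stops feeding the rate limiter that already rejected it.
    $backoff = ($status === 429) ? 2 * NC_PROBE_RETRY_AFTER : NC_PROBE_RETRY_AFTER;
    $session['nextcloud_login_probe'] = ['ok' => false, 'until' => $now + $backoff];
}

// Constructed walkthrough: first load probes, a 429 answer silences further
// probes for two hours, and the option disables probing regardless.
$session = [];
$cfg = ['nextcloud_attachment_dont_try_mail_password' => false];
$t0 = 1_700_000_000;
var_dump(nextcloud_should_probe($session, $cfg, $t0));           // true
nextcloud_record_probe($session, 429, $t0);
var_dump(nextcloud_should_probe($session, $cfg, $t0 + 60));      // false
var_dump(nextcloud_should_probe($session, $cfg, $t0 + 7201));    // true
```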

bennet0496 commented 5 months ago

I will also update the documentation in the README, once everything is done and working.

Sanmen87 commented 5 months ago

I have configured the old version of the plugin for now. I added everyone who is not in the nextcloud to the plugin's ban list. Added the Roundcube server to the white list on the cloud. Everything is working. Thank you very much for your promptness and immediate response.

bennet0496 commented 5 months ago

Great that this already worked for you.

I just published a new version with the promised changes.

And also thanks again for the report. Greatly appreciated :)