search

nextcloud / user_external

👥 External user authentication methods like IMAP, SMB and FTP
https://apps.nextcloud.com/apps/user_external
108 stars 64 forks source link

Unable to configure user_external properly #105

Closed michelmay closed 4 years ago

michelmay commented 5 years ago

Hello everybody,

I know, this is not the most sophisticated bug report but I am not an expert at all so please bear with me. What I'm asking for, basically, are the simple most instructions that I must follow in order to get user_external working again after updating to 0.6.4. I have been reading here on github and tempering with my server for 3 days straight, completely crashing our NC and now I simply don't have the nerve anymore - no offence intended.

My issue in short:

Current config.php:

  'user_backends' => 
  array (
    0 => 
    array (
      'class' => 'OC_User_IMAP',
      'arguments' => 
      array (
    '127.0.0.1', 993, 'ssl', 'mydomain.de', false, false
      ),
    ),
  ),

Note: For testing purposes, I removed user_external from the app_install_overwrite array. Was that good / bad / unimportant?

Please help! I'm close to killing myself or others. Haven't decided yet.

Server configuration

User External App version: (see Nextcloud apps page) 0.6.4

Operating system: CentOS Linux release 7.6.1810 (Core)

Web server: Apache/2.4.6 (CentOS)

Database: Ver 15.1 Distrib 5.5.60-MariaDB, for Linux (x86_64) using readline 5.1

PHP version: 7.1 (Used via PLESK)

Nextcloud version: (see Nextcloud admin page) 16.0.4

Updated from an older Nextcloud/ownCloud or fresh install: 15.x ? dunno

violoncelloCH commented 5 years ago

Hi @michelmay My guess is it fails, because it can't verify the mail servers certificate if you contact it over localhost/127.0.0.1 (doesn't match the name on the certificate)... I would recommend you to use the domain name for your mail server even tough it's on the same server as then the certificate should be accepted as valid... If you want to make sure the traffic is routed locally, add a respective entry for your domain name in the /etc/hosts file on your server. Could you try if this works for you? Regarding the logging, the issue here is that we use an external component (roundcube) for the mail here, which doesn't log to the Nextcloud log by default. For this, PR #102 should help, which will be part of the next release.

michelmay commented 5 years ago

I would recommend you to use the domain name for your mail server even tough it's on the same server [...]

By now, I have (again) tried the following lines:

Was that what you meant? In any case, it didn't work =/

If you want to make sure the traffic is routed locally, add a respective entry for your domain name in the /etc/hosts file on your server. Could you try if this works for you?

I would love to do that, but I'm afraid I have no idea how to properly tweak these files and I've been breaking enough working systems in the last few weeks. Could you give an exact line that I could copy / paste, please? I'd appreciate that. Like I said, I'm really not good with web hosting, sorry :(

I'll post the current contents of the etc/hosts below: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 # Auto-generated hostname. Please do not remove this comment. XX.XXX.XX.XX myserver.myhost.net myserver

michelmay commented 5 years ago

UPDATE:

I tried version 0.7 today without any luck. I updated from 0.6.4 on my 'production' server (A) - no success. I installed user_external on a clean(ish) NC on a testing server (B), attempting to log in via server A's IMAP -> nope.

I don't know if this is related, but there seems to be an issue with the DB on server B. Like I said, it was a fresh install of user_external there. Whenever I check the oc_users_external table via phpMyAdmin, however, I am getting SQL errors. I tried dropping the table multiple times along with re-installing user_external, but it's always the same thing:

Warning in ./libraries/sql.lib.php#613
count(): Parameter must be an array or an object that implements Countable

Backtrace

./libraries/sql.lib.php#2128: PMA_isRememberSortingOrder(array)
./libraries/sql.lib.php#2079: PMA_executeQueryAndGetQueryResponse(
array,
boolean true,
string 'nextcloud',
string 'oc_users_external',
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
string '',
string './themes/pmahomme/img/',
NULL,
NULL,
NULL,
string 'SELECT * FROM `oc_users_external`',
NULL,
NULL,
)
./sql.php#221: PMA_executeQueryAndSendQueryResponse(
array,
boolean true,
string 'nextcloud',
string 'oc_users_external',
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
string '',
string './themes/pmahomme/img/',
NULL,
NULL,
NULL,
string 'SELECT * FROM `oc_users_external`',
NULL,
NULL,
)
violoncelloCH commented 4 years ago

thanks for the feedback @michelmay and sorry for the late response

Was that what you meant? In any case, it didn't work =/

hmm

I would love to do that, but I'm afraid I have no idea how to properly tweak these files and I've been breaking enough working systems in the last few weeks. Could you give an exact line that I could copy / paste, please? I'd appreciate that. Like I said, I'm really not good with web hosting, sorry :(

that would be a new line with 127.0.0.1 mail.mydomain.de

hmm, have you set your loglevel to 0 and try to log in over user_external and there is still no log entry?

that DB error is strange, though I can't say if this is an error with phpmyadmin or something caused by Nextcloud/user_external

michelmay commented 4 years ago

Thank you for still tending to this matter (and sorry for this late reply).

hmm, have you set your loglevel to 0 and try to log in over user_external and there is still no log entry?

As I stated in my first post, I didn't see any user_external-related output in my log files, but today, for some (lucky) reason, I was finally able to get some feedback. Now, my log file is actually getting spammed with the following message:

[core] Error: User backend OC_User_IMAP not found.

This error wasn't there before, but I sincerely hope it helps us getting closer to the issue. For now, I have disabled user_external and removed the respective line from the NC config file.

I'm sorry for being such a bother as this seems to be a very basic problem.

violoncelloCH commented 4 years ago

As I stated in my first post, I didn't see any user_external-related output in my log files, but today, for some (lucky) reason, I was finally able to get some feedback. Now, my log file is actually getting spammed with the following message:

[core] Error: User backend OC_User_IMAP not found.

Hmm, this happens if either the app is deactivated but the config still referencing the backend or if parts of the code is either missing or not loaded correctly... Maybe it would be worth it to completely uninstall the app (remove the user_external directory from apps/ and install it over again

michelmay commented 4 years ago

Progress! I uninstalled user_external, deleted the lines from the config file and dropped the database table, then reinstalled the whole thing. Now I am getting the following error:

[user_external] Error: ERROR: Could not connect via roundcube lib: The Auth_SASL package is required for DIGEST-MD5 authentication
POST /cloud/index.php/login
from XXX.XXX.XXX.XXX at 2019-10-18T22:36:48+00:00
violoncelloCH commented 4 years ago

hmm looks like your imap server configuration requires auth_sasl, so you would need to install that php package to make it work... can you try this? looks the same as https://github.com/nextcloud/user_external/issues/97#issuecomment-538661088 so this might be interesting for you to take a look there...

michelmay commented 4 years ago

Before I continue messing around with things again, you mean this plugin, right? https://pear.php.net/package/Auth_SASL2

and not its outdated version here https://pear.php.net/package/Auth_SASL/

I spent one hour fiddling around with the server yesterday, but we're running PLESK (12.0) on it so adding PHP packages wasn't half as easy as I'd have hoped.

Mannshoch commented 4 years ago

@violoncelloCH I already spoke with my webhoster and they installed Auth_SASL

I do not know what they installed Auth_SASL or Auth_SASL2

violoncelloCH commented 4 years ago

sorry for the late reply

From Roundcubes documentation:

  • Auth_SASL 1.1.0 or newer

https://github.com/roundcube/roundcubemail/wiki/Install-Requirements

it looks like auth_sasl is used, not auth_sasl2; auth_sasl is unmaintained but auth_sasl2 is still in beta, so maybe that's the reason it's not yet used by roundcube...

michelmay commented 4 years ago

I was able to install Auth_SASL 1.1.0, but logging in hasn't been possible yet. I have tried a stupid amount of configurations, which I am going to post below. I have added the respective error messages.

Note: 11.22.33.44 -> the IP of the server

  'user_backends' => array(
    array(
        'class' => 'OC_User_IMAP',
        'arguments' => array(
            '127.0.0.1 mail.mydomain.de'
        ),
    ),
  ),
violoncelloCH commented 4 years ago

hi everyone we have a nice new approach for IMAP authentication which hopefully also fixes this issue from @rollbrettler in #122 (Thanks a lot to them!) now we're looking for as much volunteers as possible to test this out, so please take a look at #122 - further info (also on how to proceed) will be following there...

please take a look at this comment with info on how to proceed: https://github.com/nextcloud/user_external/pull/122#issuecomment-582109772