search

nextcloud / user_external

👥 External user authentication methods like IMAP, SMB and FTP
https://apps.nextcloud.com/apps/user_external
108 stars 64 forks source link

IMAP auth not working: Auth_SASL package required for DIGEST-MD5 #116

Closed aikencz closed 4 years ago

aikencz commented 4 years ago

Steps to reproduce

  1. Install the user_external app.
  2. Configure the app to use IMAP authentication.
  3. Try to login as an external user.

Expected behaviour

The user should be logged in.

Actual behaviour

The user is not logged in and the following message is written to the log:

_ERROR: Could not connect via roundcube lib: The AuthSASL package is required for DIGEST-MD5 authentication

The problem is that the rouncube library always use DIGEST-MD5 (this is hard-wired and can't be changed) and the appropriate PEAR package is not contained in the built-in PEAR library. Additionally, the system PEAR library can't be used due to the Nextcloud-defined namespaces.

The only workaround is currently to disable integrity checking and to modify the files manually (for example to set another SASL method, e.g. PLAIN).

Affected Authentication backend

Eg. FTP or IMAP or is it a general problem?

Server configuration

User External App version: 0.7.0

Operating system: Debian 9.0

Web server: Apache 2.4.25-3+deb9u9

Database: MariaDB 10.1.41-0+deb9u1

PHP version: 7.3.13-1+0~20191218.50+debian9~1.gbp23c2da

Nextcloud version: 17.0.2

Updated from an older Nextcloud/ownCloud or fresh install: updated

Where did you install Nextcloud from: Nextcloud website

Signing status:

Signing status No errors have been found.

List of activated apps:

App list Enabled: - accessibility: 1.3.0 - activity: 2.10.1 - admin_audit: 1.7.0 - bruteforcesettings: 1.4.0 - calendar: 1.7.1 - cloud_federation_api: 1.0.0 - comments: 1.7.0 - contacts: 3.1.6 - dav: 1.13.0 - federatedfilesharing: 1.7.0 - federation: 1.7.0 - files: 1.12.0 - files_external: 1.8.0 - files_pdfviewer: 1.6.0 - files_rightclick: 0.15.1 - files_sharing: 1.9.0 - files_trashbin: 1.7.0 - files_versions: 1.10.0 - files_videoplayer: 1.6.0 - firstrunwizard: 2.6.0 - gallery: 18.4.0 - logreader: 2.2.0 - lookup_server_connector: 1.5.0 - mail: 0.21.0 - nextcloud_announcements: 1.6.0 - notes: 3.1.0 - notifications: 2.5.0 - oauth2: 1.5.0 - password_policy: 1.7.0 - privacy: 1.1.0 - provisioning_api: 1.7.0 - recommendations: 0.5.0 - serverinfo: 1.7.0 - sharebymail: 1.7.0 - spreed: 7.0.2 - support: 1.0.1 - survey_client: 1.5.0 - systemtags: 1.7.0 - tasks: 0.11.3 - text: 1.1.1 - theming: 1.8.0 - twofactor_backupcodes: 1.6.0 - updatenotification: 1.7.0 - user_external: 0.7.0 - viewer: 1.2.0 - workflowengine: 1.7.0 Disabled: - deck - encryption - files_mindmap - mindmaps - ownpad - radio - user_ldap

Nextcloud configuration:

Config report { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "cloud.aiken.cz" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "17.0.2.1", "overwrite.cli.url": "https:\/\/cloud.aiken.cz", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_smtpauthtype": "LOGIN", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "maxZipInputSize": 104857600, "allowZipDownload": true, "forcessl": true, "default_language": "cs_CZ", "log_authfailip": true, "appstore.experimental.enabled": true, "user_backends": [ { "class": "OC_User_IMAP", "arguments": [ "mx.aiken.cz", 993, "ssl", null, false, false ] } ], "maintenance": false, "theme": "", "loglevel": 1, "memcache.local": "\\OC\\Memcache\\APCu", "updater.secret": "***REMOVED SENSITIVE VALUE***", "mysql.utf8mb4": true } }

Logs

Web server error log

Web server error log (No error in the web server error log.)

Nextcloud log (data/nextcloud.log)

Nextcloud log {"reqId":"Yf5XXIaihOpCpDkHyyM5","level":3,"time":"2019-12-30T22:51:09+00:00","remoteAddr":"2a00:1028:9197:dd1a:858c:46d0:7e9b:7c1c","user":"--","app":"user_external","method":"POST","url":"\/index.php\/login","message":"ERROR: Could not connect via roundcube lib: The Auth_SASL package is required for DIGEST-MD5 authentication","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko\/20100101 Firefox\/71.0","version":"17.0.2.1"}

Browser log

Browser log (Not applicable here.)
mleu77 commented 4 years ago

Same problem here: Only way to get it working with mail-provider strato.de is to modify /apps/user_external/lib:

$params = ["port"=>$this->port, "timeout"=>10, "auth_type" => "CRAM-MD5"];

violoncelloCH commented 4 years ago

hi everyone we have a nice new approach for IMAP authentication which hopefully fixes this issue from @rollbrettler in #122 (Thanks a lot to them!) now we're looking for as much volunteers as possible to test this out, so please take a look at #122 - further info (also on how to proceed) will be following there...

violoncelloCH commented 4 years ago

please take a look at this comment with info on how to proceed: https://github.com/nextcloud/user_external/pull/122#issuecomment-582109772