[horde] "Error: User is not authorized for imp" with PHP 5.6 ... another update

Ernie Dunbar maillist at lightspeed.ca
Thu Jun 12 22:01:12 UTC 2014


On 2014-06-12 11:15, Michael M Slusarz wrote: 

> Quoting Andy Dorman <adorman at ironicdesign.com>:
> On 06/12/2014 01:54 AM, Michael M Slusarz wrote: Quoting Andy Dorman <adorman at ironicdesign.com>: On 06/11/2014 12:53 PM, Michael M Slusarz wrote: Quoting Andy Dorman <adorman at ironicdesign.com>: On 06/10/2014 10:00 AM, Andy Dorman wrote: On 06/06/2014 09:20 AM, Andy Dorman wrote: On 05/29/2014 03:08 PM, Michael M Slusarz wrote: Quoting Ernie Dunbar <maillist at lightspeed.ca>: After yesterday's difficulty in getting Horde set up (I moved the directory back to its original installation value and changed back what configuration I had changed), I'm now up against something totally new. I'm able to log in to Horde with a regular user as well as the administrator, authenticate against our IMAP server (I can see the successful authentication in the IMAP server's logs), but nobody can use IMP. I just see that panel filled with the message: "ERROR User is not authorized for imp" If I try to click on the "Mail" menu at the top, I apparently get logged out, which seems strange. No... you are
being kicked out to the IMP authentication screen. I've been meaning to make this more clear on the login screen, so I should probably do it before we release 5.2. michael ___________________________________ Michael Slusarz [slusarz at horde.org]
 I just ran into the same problem, imp login failure, but I believe it
is because php 5.6 has apparently changed something that is causing imp
authentication to fail. So far I have not found a good indication of
what that might be. We run a development server where we test the latest
debian release of Horde Groupware Webmail (currently Horde 5.1.6/IMP
6.1.7-1). It has been working well with only a couple of minor issues
(apparent cookie timeouts and such). Last night it was working fine and
I read my email with no problems. This morning I updated the development
server to PHP 5.6.0-beta3 and was very surprised when I tried to log in
and got the Horde fatal error page at the end of this email. I mainly
want to alert the community that there may be a coming issue with PHP
5.6 that needs to be addressed. And if anyone knows of a suggested patch
to test, I will be happy to try it. We are using Apache2 with php-fpm
and there is nothing in the php-fpm log that indicates a problem. A
quick update on the PHP 5.6 login problem with IMP. - We have been
unable to revert our dev server(s) back from PHP 5.6 because of
complications unrelated to Horde. So we are stuck for the moment. The
good news is this only affects our dev server and has made us pretty
dedicated to fixing it. - The issue is not limited to Horde/IMP. PHP 5.6
is also affecting logins with roundcube AND even Drupal 6/7. No one
appears to know why yet. I was able to directly confirm the Drupal 6/7
issue when I mistakenly let our Drupal dev server upgrade PHP this
weekend. Fortunately I realized my mistake before upgrading the
production servers. There I held PHP at 5.5 while upgrading everything
else and the production sites are fine. - I reviewed the PHP 5.6
incompatible change docs at
http://www.php.net/manual/en/migration56.incompatible.php [1] and tried
adding openssl.verify_peer=false and openssl.verify_peer_name=false to
our php5/fpm/php.ini and that did not help. So we are stuck at the
moment. If anyone has any ideas or suggestions, we would love to hear
them. Thanks, More info. After some experimenting with /horde/test.php
we have found: 1. None of the /etc/php5/fpm/php.ini settings below
helps: - openssl.cafile =
/etc/ssl/certs/ourdomain_cert/mail.ourdomain.com.ca-bundle (same as used
by the local IMAP server to which we are trying to connect) -
openssl.capath = /etc/ssl/certs/ourdomain_cert/ - openssl.verify_peer =
false - openssl.verify_peer_name = false, This is most likely your
issue. If using a self-signed certificate, you won't be able to connect.
Michael, thank you for your response. I definitely agree it is likely
our issue. Something changed in PHP 5.6 that is no longer compatible
with our development configuration and I am just trying to document the
issue and hopefully the fix in case others run into it later. A
temporary fix might be to change the following in
Horde/Socket/Client.php (in PEAR installation directory). Line 177-ish.
From: $this->_stream = @stream_socket_client( $conn . $host . ':' .
$port, $error_number, $error_string, $timeout ); to: $this->_stream =
@stream_socket_client( $conn . $host . ':' . $port, $error_number,
$error_string, $timeout, STREAM_CLIENT_CONNECT,
stream_context_create(array( 'ssl' => array( 'verify_peer' => false,
'verify_peer_name' => false, ) )) ); Not tested, so YMMV. michael Thanks
Michael! I suspected the openssl context might need to be set in the
code, I had no idea where though. I will try this and report back. Even
though it is NOT a preferred solution because it turns off peer
verification, it could at least better indicate where and what I need to
change to get this working with tls. 

The flip side is that this is also completely opposite of the behavior 
pre-5.6 though. So if this fix does work, this will likely be the 
default configuration for Horde packages, at least for the current 
major point releases.


Michael Slusarz [slusarz at horde.org]

Yes! Finally! It works for me, using Debian Wheezy, PHP version

Thank you so much Michael! 

[1] http://www.php.net/manual/en/migration56.incompatible.php

More information about the horde mailing list