[horde] User not authorized for Mail

James Mohr horde at jimmo.com
Tue Jul 11 15:37:48 UTC 2017


I appreciate all of your help so far.

Quoting "Maurício José T. Tecles" <mtecles at biof.ufrj.br>:
Citando James Mohr <horde at jimmo.com>:
Quoting Michael J Rubinsky <mrubinsk at horde.org>:
What authentication backend are you using for Horde? Are you really   
using HTTP authentication?
On the page Authentication Settings in the Horde configuration under
"$conf[auth][driver]" I have "HTTP (Basic Authentication/.htpasswd)
authentication".  Is there something else I need to change?
Why use .htpasswd if you intend to use an IMAP server?  See below (*).
Sorry for the misunderstanding. I obviously forgot an important aspect
of this configuration. The entire server is protected using HTTP basic  
authentication. Each user must first login through the HTTP basic  
authentication before accessing Horde. Login through apache is  
successful and I can access all of the other applications. Only access  
to imp is not working. (User jimmo is not authorized for Mail)
In the system logs (journalctl) I see:

[imp] [login] Server does not support TLS connections.

That seems clear enough so after googling I changed   
backends.local.php so it now looks like this:

// IMAP server
$servers['imap'] = array(
'disabled' => false,
'name' => 'localhost',
'hostspec' => 'myhost.mydomain.'tld,
'hordeauth' => false,
'protocol' => 'imap',
'secure' => 'false',
);
Are you requiring your users to login separately to Email?
Not intentionally. I have looked through the Horde and Imp
configuration and I do not find any place to require users to login
separately to email.
Either you did not understand the question or I did not understand  
what you want.
What I meant was *IF* Horde is somehow configured so it is "requiring  
your users to login separately to Email", it was unintentional on my  
part. I do not want a separate login. I want users to login with the
basic http authentication and not have to login a second time. I have  
a very old system where this worked (5.2.13) and I am trying to get  
the same configuration on a new system.
If you are not going to login separately to Email, I suggest
configuring a Horde application (imp) to authenticate. Go to the  
"Authentication" tab and configure:

$conf[auth][driver]: Let a Horde application handle authentication

$conf[auth][params][app]: imp

$conf[auth][admins]: "your_login"
To test the configuration I tried that. I get the login prompt but  
cannot login.

Unfortunately, I cannot do anything any more because I cannot login at  
all. That is, I cannot change the authentication method back to HTTP  
basic. I cannot find a file where this is changed.
(*) And that answers the question above. You are going to use Imp to  
authenticate against an IMAP server. As I understand, your users are  
Mail users, not HTTP users (although they are going to use a web  
interface - imp - to the mail service). See below (**).

Be sure that your web server uses encryption (https) and configure  
Horde to do so:

URL Settings * $conf[use_ssl]:
Is this absolutely necessary in that this configuration will not work  
without it? I would like to get this running first, before I add any  
additional configuration.
Does it make a difference if true/false are included in single-quotes?
'disabled' => false,
'secure' => 'false',
No change. My biggest question at this point is to what exactly is   
Horde connecting. IMAP? POP3? My assumption is IMAP because of the   
complete log entry:
Yes, according to the above configuration stanza, you are connecting   
to an IMAP server running on 'myhost.mydomain.tld'. I'm assuming the   
misplaced quotation mark in your stanza is a typo, as that would   
cause a parse error in PHP when loaded.
Yes. That was a typo when I changed the real domain in the email.
Jun 24 16:32:37 sonne-new HORDE[3058]: [imp] [login] Server does  not  
support TLS connections. [pid 3058 on line 730 of   
"/data/home/user/public_html/horde/imp/lib/Imap.php"]
You either need to configure your IMAP server to use TLS or disable   
it in your configuration.
I thought that I disabled it in backends.local.php with this line:
   'secure' => 'false',
The password for the http authentication, the local user, are all
the same. sasldblistusers2 shows the user. My question here is what   
format the users should have:
username at localhost
username at hostname
username at hostname.domain.tld
username at domain.tld
I am confused as to exactly what authentication backend you are using
in Horde. As far as the general question about the format of the
users, that depends entirely on what the authentication backend is
expecting. There is no one right answer.
What would be correct for HTTP authentication?
Again, I think you did not understand the question.
(**) You should authenticate via imap that you already tested.
If you are going to use "username" or "username at ..." is up to you.
Sorry, but that was not very helpful. Obviously I cannot use one form  
of the login in the sasl DB (saslpasswd2 -c) and then another form  
when I login. Where/how do I make changes if it "is up to you"?
Depending on what you want, you might need a different authentication  
backend. Just try imp to handle authentication, as explained above.
The mailbox was created using cyradm and the permissions look like this:
localhost.localdomain> listacl user.myuser
user.myuser lrswipkxtecda

I have successfully tested the username using telnet to connect to
ports 110(POP3) and 143 (IMAP), as well as with testsaslauthd.
Port 143 is the TLS port for IMAP, so it seems that your server   
*does* support this?
Hmmmm.....Why then am I getting the error message "Server does not
support TLS connections"?
Port 143 can be used to login as plain text or with encryption. SASL  
and TLS are not the same thing.
Understood. So where exactly is Horde connecting at this point? To the  
imap server?
Are the webserver with Horde and the imap server on the same machine?
Yes. This is a single machine.
Mauricio
-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
Regards,
James


-- 
Horde mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
-- 

Maurício José T. Tecles
Instituto de Biofísica Carlos Chagas Filho/UFRJ
Av. Carlos Chagas Filho, 373
Núcleo de Informática
CCS, Bloco G, sala G1-006
Cidade Universitária - Ilha do Fundão
21941-902, Rio de Janeiro - RJ

mtecles at biof.ufrj.br
Tel.: (21) 3938-6526 ou 3938-6544
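
Added example (not part of the original thread and not Horde's code): the thread's point that SASL and TLS are separate things on port 143 can be checked from the server's own CAPABILITY advertisement, where `AUTH=` tokens name SASL mechanisms and `STARTTLS` is the TLS upgrade. The two server lines below are constructed samples, and the function names are illustrative.

```python
import re

# Constructed sample server lines (not taken from the thread).
GREETING_NO_TLS = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ ID AUTH=PLAIN "
                   "AUTH=LOGIN SASL-IR] mail server ready")
CAPS_WITH_TLS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=PLAIN"


def parse_capabilities(line):
    """Return upper-cased capability tokens from a greeting or CAPABILITY line."""
    # Greeting form: capabilities carried in a bracketed response code.
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        # Untagged response to an explicit CAPABILITY command.
        m = re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I)
    if m is None:
        return set()
    return {tok.upper() for tok in m.group(1).split()}


def assess(line):
    """Separate TLS support (STARTTLS) from SASL mechanisms (AUTH=...)."""
    caps = parse_capabilities(line)
    starttls = "STARTTLS" in caps
    login_disabled = "LOGINDISABLED" in caps
    mechs = sorted(c[len("AUTH="):] for c in caps if c.startswith("AUTH="))
    if starttls:
        verdict = "TLS available: issue STARTTLS before authenticating"
    elif login_disabled:
        verdict = "no STARTTLS and LOGIN disabled: plaintext LOGIN is refused"
    else:
        verdict = "no STARTTLS: a client that requires TLS fails on this port"
    return {"starttls": starttls, "login_disabled": login_disabled,
            "sasl_mechanisms": mechs, "verdict": verdict}


if __name__ == "__main__":
    for sample in (GREETING_NO_TLS, CAPS_WITH_TLS):
        print(assess(sample))
```

A server can advertise several SASL mechanisms and still have no STARTTLS, which is the case the first sample models.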
