DokuWiki

It's better when it's simple

User Tools

Site Tools


Sidebar

Translations of this page?:

Learn about DokuWiki

Advanced Use

Corporate Use

Our Community


Follow us on Facebook, Twitter and other social networks.

auth:imap

IMAP/POP3 authentication

What does it do?

This authentication module, changes the password check for DokuWiki, from using the password file, to use an IMAP or pop3 server. It is build on the plain authentication backend, and works in the same way, with the only change that user passwords are checked against an IMAP/POP3 server.

NB: You still need to create you users in DokuWiki before they can log in.

Requirements

  • PHP IMAP (for Ubuntu use: aptitude install PHP5-IMAP)

Install

Copy the file imap.class.php to “inc/auth”.

Or manually create the file by applying the following steps:
Copy the plain module:

cp plain.class.php imap.class.php 

Change the following lines in the file imap.class.php:

[...]
class auth_imap extends auth_basic {
[...]
function auth_imap() {
[...]
 
  $this->cando['modPass'] = false;
  [...]
 function checkPass($user,$pass){
   $userinfo = $this->getUserData($user);
      if ($userinfo === false) return false;
 
        $toReturn=false;
 
        $imap_login = @imap_open("{imap.server:143/novalidate-cert}", $user."@domain.tld", $pass, OP_HALFOPEN, 1);
        if ($imap_login == false){
                $toReturn = false;
        }
        else {
                $toReturn = true;
                imap_close($imap_login);
        }
 
        return $toReturn;
  }
  [...]
 function createUser($user,$pwd,$name,$mail,$grps=null){
[...]
      $tmppass = time();
      $pass = auth_cryptPassword($tmppass);
[...]

Now update the IMAP/pop3 server connection string.

imap_open("{imap.server:143/novalidate-cert}", $user."@domain.tld", $pass, OP_HALFOPEN, 1);

See http://dk.php.net/imap_open for documentation on the imap_open function.

Patch User Manager

As noted in pam there seams to be a bug in the User Manager, it won't create a user if no password is specified. Fix it by either applying the patch on pam or by setting “$this→cando['modPass']” to true, and specifying a random password when the user is created.

Comments

by mpc@20080825 :

I guess we must also, as specified in pam auth , configure DokuWiki tu use imap auth by adding the following line to local.php:

$conf['authtype'] = 'imap';

Anyway, even if adding user in the configuration panel works fine, authentication does not works on my SME 7.3 server with this code, I had to modify the “imap_open” function line to inc/auth/imap.class.php like this to make it works :

$imap_login = @imap_open("{myserver:143/imap/novalidate-cert}", $user, $pass);

of course, use this code this if your server supports imaps :

$imap_login = @imap_open("{myserver:993/imap/ssl/novalidate-cert}", $user, $pass);

Except a little bug (error message display when adding a user, but user added anyway), everything works great.

mjm 20080913:
I have modified the checkPass function to allow users to enter a full email address into the Username field during login. DokuWiki automatically converts the '@' in the email address into an underscore (“_”) in the username. This version of checkPass:

  1. looks for an underscore in the username. If found, it splits the username into $imapUser and $imapDomain.
  2. sets $imapServer, $_groups and $imapLogin for each supported $imapDomain
  3. attempts to login to the appropriate IMAP (or POP3) server based on the email domain extracted from the username
  4. fails if IMAP login fails; verifies or creates a local user if the IMAP login succeeds
  5. finally, authenticates from conf/users.auth.php if there is no $imapDomain specified in the username. This allows an admin to create “plain” accounts for users who need access to the wiki but don't have email accounts on any supported servers.
    function checkPass($user,$pass){

      #$userinfo = $this->getUserData($user);
      #if ($userinfo === false) return false;

      $toReturn=false;

      list( $imapUser, $imapDomain) = split('[_@]', $user);
      if(!$imapDomain) $imapDomain = "null";
      $imapDomain= strtolower( $imapDomain);

     switch ($imapDomain) {
     case "domainone.com":
        $_groups    = array( 'user', 'domainone');
        $imapServer = "{mail.domainone.com:993/imap/ssl/novalidate-cert}";
        $imapLogin  = $imapUser.'@'.$imapDomain;
        break;
     case "domaintwo.org":
        $_groups    = array( 'user', 'domaintwo');
        $imapServer = "{imap.domaintwo.org:993/imap/ssl/novalidate-cert}";
        $imapLogin  = $imapUser
        break;
     case "null":
        unset ($imapServer);
     }

     switch (isset($imapServer)) {
     case true:
        $imap_login = @imap_open($imapServer, $imapLogin, $pass);
        if ($imap_login == false){
                $toReturn = false;
        } else {
                $toReturn = true;
                imap_close($imap_login);
                $userinfo = $this->getUserData($user);
                if ($userinfo === false) $newUser = $this->createUser($user,"!imap_auth!",
                                            $imapUser,$imapUser.'@'.$imapDomain,$_groups);
        }
        break;
     case false:
        $userinfo = $this->getUserData($user);
        if ($userinfo === false) {
           $toReturn = false;
        } else {
           $toReturn = auth_verifyPassword($pass,$this->users[$user]['pass']);
        }
     }
     return $toReturn;
    }
auth/imap.txt · Last modified: 2010-03-01 19:50 by 74.93.99.97