Forums | Mahara Community
20 October 2010, 8:52
Anyone managed to use the IMAP authentication?
I filled in all the fields and when i try to login, it says "
You have not provided the correct credentials to log in. Please check your username and password are correct
But this is a wrong catch error. The username and pass are correct.
I am also monitoring the IMAP server, i am getting no hits from the application.
If i telnet to IMAP server, there is a response. BUT no response from Mahara.
Anything i am missing?
Mahara 1.3 running on Linux
20 October 2010, 9:34
Have you pre-created your users? As I recall, the IMAP authentication plugin doesn't allow auto-creation of users because IMAP doesn't provide enough information (e.g. Forename and Surname).
21 October 2010, 3:14
That was a good hint. Seems the imap module is still primitive here...I will be then using LDAP + IMAP authentication. The point is that when a user is disabled on LDAP, he should be able to login using IMAP.
This again doesnt work!
Why are we allowed to move authentication methods up and down? And if the first method fails, shouldnt it attempt to use the 2nd authentication method on the list?!
Using LDAP, i will get the required fields that IMAP doesnt get.
HOWEVER, when i disable LDAP, the system does NOT switch to IMAP authentication automatically...
21 October 2010, 4:04
A user is only tested against their authentication mechanism. If you have a look at one of your users who has authenticated and logged in successfully to Mahara using your LDAP mechanism, you'll notice that they have an Authentication Method against their name. If you disable the LDAP mechanism, then those users will be unable to log on. Only users matched against the LDAP mechanism will be able to log in.
As I recall, an LDAP authentication instance will only attempt to contact an LDAP server if a user is assigned to that auth method.
24 October 2010, 10:51
It will also try if the user doesn't have an assigned auth yet (this is her first login to the system), won't it?
25 October 2010, 3:37
Not for IMAP - As I mentioned before, the IMAP protocol doesn't give enough information for Mahara to automatically create users. Since there's not enough information there, and it can't be used to automatically create the users, no attempt is made.
If you're interested, this is roughly how it happens:
- when attempting a login, the login is handled by auth/lib.php->login_submit();
- this function first tries to login the user using the auth instance against that user record;
- if that user is unknown, an AuthUnknownUserException is thrown and caught. The handler then filters the institution list to leave only those which create users automatically;
- this then skips any which can't automatically create users as determined by the output of $auth->can_auto_create_users();
- auth/imap/lib.php::AuthImap->can_auto_create_users() returns false so the IMAP auth plugin never even attempts a login; and
- assuming the username matches none of the other auth instances and passes, the user is not logged in.