[imp] pass client ip during authentication
Using imp for authentication with dovecot IMAP, working fine. But now I would like to make use of dovecot's allow_nets feature to restrict logins from certain ip's. To make that work, imp should pass the client's ip (as seen by apache) to dovecot during authentication, but instead it passes 127.0.0.1 for both lip and rip. Any way to change this? horde log: 2014-09-25T11:39:54+02:00 NOTICE: HORDE [horde] Login success for t...@bezoekerscentrumsonsbeek.nl [192.168.4.101] to horde. [pid 6600 on line 150 of "/var/www/horde/login.php"] mail log: Sep 25 11:39:54 BCS dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8382, TLS -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] pass client ip during authentication
Citeren Systeembeheer BCS : Using imp for authentication with dovecot IMAP, working fine. But now I would like to make use of dovecot's allow_nets feature to restrict logins from certain ip's. To make that work, imp should pass the client's ip (as seen by apache) to dovecot during authentication, but instead it passes 127.0.0.1 for both lip and rip. Any way to change this? No. Horde doesn't pass the connecting IP to Dovecot. This is determined by Dovecot itself, by looking at the local and remote IP for the socket that is used for communication. horde log: 2014-09-25T11:39:54+02:00 NOTICE: HORDE [horde] Login success for t...@bezoekerscentrumsonsbeek.nl [192.168.4.101] to horde. [pid 6600 on line 150 of "/var/www/horde/login.php"] mail log: Sep 25 11:39:54 BCS dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8382, TLS -- This message was sent from a mailinglist subscription address. For off-list replies, you must remove the address extension. smime.p7s Description: S/MIME Signature -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] pass client ip during authentication
Citeren Arjen de Korte : Citeren Systeembeheer BCS : Using imp for authentication with dovecot IMAP, working fine. But now I would like to make use of dovecot's allow_nets feature to restrict logins from certain ip's. To make that work, imp should pass the client's ip (as seen by apache) to dovecot during authentication, but instead it passes 127.0.0.1 for both lip and rip. Any way to change this? No. Horde doesn't pass the connecting IP to Dovecot. This is determined by Dovecot itself, by looking at the local and remote IP for the socket that is used for communication. Ah, thanks. Looks like I have to switch to another auth mechanism instead to get this working. horde log: 2014-09-25T11:39:54+02:00 NOTICE: HORDE [horde] Login success for t...@bezoekerscentrumsonsbeek.nl [192.168.4.101] to horde. [pid 6600 on line 150 of "/var/www/horde/login.php"] mail log: Sep 25 11:39:54 BCS dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=8382, TLS -- This message was sent from a mailinglist subscription address.For off-list replies, you must remove the address extension. -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] pass client ip during authentication
Citeren Systeembeheer BCS : Citeren Arjen de Korte : Citeren Systeembeheer BCS : Using imp for authentication with dovecot IMAP, working fine. But now I would like to make use of dovecot's allow_nets feature to restrict logins from certain ip's. To make that work, imp should pass the client's ip (as seen by apache) to dovecot during authentication, but instead it passes 127.0.0.1 for both lip and rip. Any way to change this? No. Horde doesn't pass the connecting IP to Dovecot. This is determined by Dovecot itself, by looking at the local and remote IP for the socket that is used for communication. Ah, thanks. Looks like I have to switch to another auth mechanism instead to get this working. What are you trying to accomplish? Do you want to restrict the IP's from where your users can connect to Horde? In that case, a .htaccess file placed in the directory where Horde lives may be what you're looking for: # ALLOW USER BY IP order deny,allow deny from all allow from 192.168.4.0/24 This will allow everyone from the 192.168.4.0/24 network access and denies all others. -- This message was sent from a mailinglist subscription address. For off-list replies, you must remove the address extension. smime.p7s Description: S/MIME Signature -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] pass client ip during authentication
Citeren Arjen de Korte : Citeren Systeembeheer BCS : Citeren Arjen de Korte : Citeren Systeembeheer BCS : Using imp for authentication with dovecot IMAP, working fine. But now I would like to make use of dovecot's allow_nets feature to restrict logins from certain ip's. To make that work, imp should pass the client's ip (as seen by apache) to dovecot during authentication, but instead it passes 127.0.0.1 for both lip and rip. Any way to change this? No. Horde doesn't pass the connecting IP to Dovecot. This is determined by Dovecot itself, by looking at the local and remote IP for the socket that is used for communication. Ah, thanks. Looks like I have to switch to another auth mechanism instead to get this working. What are you trying to accomplish? Do you want to restrict the IP's from where your users can connect to Horde? In that case, a .htaccess file placed in the directory where Horde lives may be what you're looking for: Not exactly. What I try to achieve is that while all accounts should be accessible from machines within our lan ip range, only some accounts should be able to login from the outside world as well (coming from ip's outside our lan range). So I need to restrict access to accounts based upon an ip range. Dovecot's allow_nets feature would do just that but because all imp logins come from localhost instead of from the client ip, I can not use it. # ALLOW USER BY IP order deny,allow deny from all allow from 192.168.4.0/24 This will allow everyone from the 192.168.4.0/24 network access and denies all others. -- This message was sent from a mailinglist subscription address. For off-list replies, you must remove the address extension. -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] IMP Address Book Preferences not persistent across sessions
Zitat von Tim ODriscoll : Dear All, I have 3 LDAP address books in Turba. If I go into Preferences/Mail/Address Books within the Horde web interface, I can set which address books I'd like to search when expanding addresses. I can then save my preferences and when I compose a new email the address expansion works perfectly. However, if I then log out and log back in again, my address expansion preferences have been reset to search all address books. And indeed, composing a new email will search all address books. What have I got wrong in my set up to reset the IMP address expansion preferences upon logon? I don't see an option for it anywhere.. Many thanks, Tim Do other preferences work across sessions? -- Jan Schneider The Horde Project http://www.horde.org/ https://www.facebook.com/hordeproject -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] pass client ip during authentication
Citeren Systeembeheer BCS : Citeren Arjen de Korte : Citeren Systeembeheer BCS : Citeren Arjen de Korte : Citeren Systeembeheer BCS : Using imp for authentication with dovecot IMAP, working fine. But now I would like to make use of dovecot's allow_nets feature to restrict logins from certain ip's. To make that work, imp should pass the client's ip (as seen by apache) to dovecot during authentication, but instead it passes 127.0.0.1 for both lip and rip. Any way to change this? No. Horde doesn't pass the connecting IP to Dovecot. This is determined by Dovecot itself, by looking at the local and remote IP for the socket that is used for communication. Ah, thanks. Looks like I have to switch to another auth mechanism instead to get this working. What are you trying to accomplish? Do you want to restrict the IP's from where your users can connect to Horde? In that case, a .htaccess file placed in the directory where Horde lives may be what you're looking for: Not exactly. What I try to achieve is that while all accounts should be accessible from machines within our lan ip range, only some accounts should be able to login from the outside world as well (coming from ip's outside our lan range). So I need to restrict access to accounts based upon an ip range. Dovecot's allow_nets feature would do just that but because all imp logins come from localhost instead of from the client ip, I can not use it. Ah, now I understand. You can use the preauthenticate or postauthenticate hooks (see horde/config/hooks.php.dist) for that. -- This message was sent from a mailinglist subscription address. For off-list replies, you must remove the address extension. smime.p7s Description: S/MIME Signature -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
Re: [imp] IMP Address Book Preferences not persistent across sessions
Quoting Jan Schneider : Zitat von Tim ODriscoll : Dear All, I have 3 LDAP address books in Turba. If I go into Preferences/Mail/Address Books within the Horde web interface, I can set which address books I'd like to search when expanding addresses. I can then save my preferences and when I compose a new email the address expansion works perfectly. However, if I then log out and log back in again, my address expansion preferences have been reset to search all address books. And indeed, composing a new email will search all address books. What have I got wrong in my set up to reset the IMP address expansion preferences upon logon? I don't see an option for it anywhere.. Many thanks, Tim Do other preferences work across sessions? Yes, all other preferences I've set are persistent. What is the pref_name in the horde_prefs SQL table that stores the address expansion? I've pasted in my current list below. This problem is happening for all my users which I've tested, and preferences appear to be written to the SQL table. The closest pref_name I can see is 'search_sources', which has a 'blob' of 58 bytes in the table. Is it possible to decode the binary data in the blob to see it's contents? Perhaps then I can tell when (or if) it's getting over written. Or am I going the wrong way about it? Many thanks, Tim mysql> select pref_name from horde_prefs where pref_scope='imp' and pref_uid='my_uid'; +-+ | pref_name | +-+ | add_source | | atc_flag| | auto_save_drafts| | compose_html| | emoticons | | empty_trash_menu| | expanded_folders| | filter | | forward_default | | image_replacement_addrs | | initial_page| | mail_hdr| | mimp_inline_all | | msgflags| | newmail_notify | | purge_trash_interval| | refresh_time| | reply_headers | | save_attachments| | save_recipients | | search_fields | | search_sources | | sortby | | sortdir | | sortpref| | use_smime | | use_trash | | vfolder | +-+ 28 rows in set (0.00 sec) -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org
