Multiply IMAP auth servers

macz · April 3, 2025, 1:29pm

Steps to reproduce

define 2 IMAP auth sections in config file

Expected behaviour

I expect to search auth account in all defined IMAP until found

Actual behaviour

Auth is don only with first IMAP entry ignoring second one

Server configuration

Operating system: Ubuntu

Web server: Apache

Database: mysql

PHP version:

ownCloud version: (see ownCloud admin page) 10.15.0

Updated from an older ownCloud or fresh install: update

Where did you install ownCloud from: official repo

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/…

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

LinkP · April 3, 2025, 1:48pm

I dont see anything in the IMAP authentication documentation that suggests that more than one IMAP server can be configured. Did you find something that suggests it is possible? Can you share it?

mbrando · April 8, 2025, 12:07pm

Have you tried this? This response is from perplexity Ai.

You can define multiple IMAP authentication sections in the config.php file for ownCloud. However, ownCloud’s behavior is such that it will only use the first IMAP backend defined for authentication, ignoring subsequent entries. This limitation makes it challenging to use multiple IMAP servers effectively for authentication purposes without additional customization.

Configuration Example

To define two IMAP authentication backends in the config.php file, you can use the following syntax:

'user_backends' => array(
    array(
        'class' => 'OC_User_IMAP',
        'arguments' => array('{imap.server1.com:993/imap/ssl}', 'example.com'),
    ),
    array(
        'class' => 'OC_User_IMAP',
        'arguments' => array('{imap.server2.com:993/imap/ssl}', 'example.org'),
    ),
),

Explanation

First Backend: Authenticates users against imap.server1.com and restricts logins to the domain example.com.
Second Backend: Authenticates users against imap.server2.com and restricts logins to the domain example.org.

Known Issues

The authentication process will only consider the first IMAP backend (imap.server1.com) and ignore the second one (imap.server2.com) due to how ownCloud handles multiple entries in the user_backends array[6].

Workaround

If you need to authenticate against multiple IMAP servers, consider these options:

Custom Development:
- Modify the external user authentication app (user_external) to support multiple IMAP backends properly. This requires programming skills and familiarity with PHP.
Proxy IMAP Server:
- Set up a proxy IMAP server that aggregates multiple IMAP servers into a single endpoint. This way, ownCloud only needs to authenticate against one server.
Separate Instances:
- Run separate ownCloud instances for each IMAP server if feasible.
Log File Debugging:
- Check owncloud/data/owncloud.log for insights into why subsequent backends are ignored[4].

If none of these solutions are suitable, you may need to consult with ownCloud developers or community forums for further assistance.