Topic: GroupOffice Email Authentication

[steever]

Hi guys.

I've installed Group Office using the wiki's instructions, and what I'd really like to get working is email authentication (ie authentication against the sme server's imap or pop-3 databases).  I can do it for moodle, but I'm not having any luck with GroupOffice.  Anybody had any success?

Thanks

Steve

[p-jones]

Yeah I use this all the time. It is my favourite groupware for SME and it works great. It installs as per the instruction and is far less messy tha egroupware or other groupwares. I also find it way more friendly than Horde that is part of the SME.

What is or is not happening ? I will try and help you if I can. I do recall some obscure setting I had to tick or un-tick to get the email going.

It was a while ago and I have never had to re visit it.

My Email account setup looks like this

Name:    user
E-mail:    user@domain.co.com
 
Type:    
   SSL (NOT TICKED)
   Don't validate certificate (TICKED)
IMAP
Port: 143    
Host: Myserver   
Root mailbox:    (BLANK)
 
Username:    user
Password:    pass
 
Signature:    
   Automatically check this account for new mai

[steever]

E-mail Authentication

It's possible to authenticate users using an IMAP or POP03 server. It can be very useful to use the user accounts of an existing e-mail environment in Group-Office. To set this up you need to rename the file “auth_sources.dist” to “auth_sources.inc”. After this you must set the path to this file in “config.php”:

$config['auth_sources']='/var/www/html/groupoffice/auth_sources.inc';

Add the following to this file:
$auth_sources[] =
array(
'type' => 'email',
'name' => 'intermesh.nl',
'user_manager' => 'sql',
'proto' => 'imap',
'domain' => 'intermesh.nl',
'host' => 'localhost',
'port' => '143',
'ssl' => false,
'novalidate_cert' => false,
'mbroot' => 'INBOX',
'add_domain_to_username' => false,
'create_email_account' => true,
'auto_check_email' => true,
'groups' => array('Intermesh'),
'visible_groups' => array('Everyone'),
'modules_read' => array('email', 'addressbook', 'calendar', 'summary'),
'modules_write' => array()
);



type
The type of the authentication source. In this case '”mail”. It can also be “ldap” but this is still in expirimental stages.

name
The name of the authentication source as it will appear in a pulldown menu when there are more then one authentication sources defined.

user_manager
The type of user management you wish to use. This can be “sql”, 'passwd” en “ldap” zijn. By default “sql” is used. It can however be very useful to use “passwd”. With this option system accounts are changed when you change the password in Group-Office.
This is only possible when the mailserver runs on the local machine (“localhost”) and you must allow the Apache system users to execute the command “chpasswd”. This can be done with the program “sudo”. add the following line to /etc/sudoers using the “visudo” command:
apache ALL=NOPASSWD:/usr/sbin/chpasswd
Replace the apache username if nessecary. Also check the path of chpasswd. If this path is different then you must also change this path in “config.php”.

proto
The protocol. Can be IMAP or POP-3. IMAP is highly recommended. POP-3 is slow and doesn't offer the use of multiple e-mail folders.

domain
The domain of the e-mail addresses.

host
The hostname of the machine where the mailserver runs.

port
The port . For IMAP usually 143 and for POP-3 usually 110.

ssl
SSL mode on or off

novalidate_cert
Validate the SSL certificate yes or no. with some mailservers you must enable this feature always even if you don't use SSL.

mbroot
The mailbox root. In most cases you can leave this value empty. It could be that you must enter “INBOX” or “mail” here.

add_domain_to_username
Enable this option if you need to login with the full e-mail address at the mailserver.

create_email_account
If you want to create an e-mail account in Group-Office automatically when a user logs in the first time enable this option.

auto_check_email
Check the automatic e-mail account for new messages automatically.

groups
Add the new users to these user groups automatically.

visible_groups
Make new users automatically visible to these user groups.

modules_read
Grant new users read permissions to these modules.

modules_write
Grant new users administrator permissions to these modules.

This is from the Group Office administrator documentation.  It's so you can have single sign on, without having to first set up your users in GO as well as in SME.  But it's not working.

Any help would be appreciated.

Steve

[p-jones]

Groupoffice does authenticate to the users email account but I am not aware of any way automatically setup users. There have been heaps of post relating to other packages and LDAP etc explaining why this doesnt work.

The docs that go with the groupoffice contrib are reasonably clear that the administrator must setup the user accounts first. I guess for a few people, its not an issue, for lots of people it - a serious excercise in tedium, or better described as a pain in the butt.

Sorry, I cannot help you any more but maybe one of the gurus can. Once working, it does work very well.

Peter

[shell]

Hiya,

This has been bothering me for a while too, so had a play this afternoon and I think I've partially cracked the nut

I have an outstanding issue that hopefully I can get assistance with - the admin user in the groupoffice database is the groupoffice administrator, however when authenticating against imaps this admin user is not the groupoffice administrator.  Any thoughts?

Here are the steps I used to sucessfully authenticate against the inbuilt SME users (IMAPS)



Alter either the auth_sources.dist or the auth_sources.inc (or create a new file with the same ownership and privileges as the existing file) to show the following:

Code: [Select]

$auth_sources[] =
array(
'type' => 'email',
'name' => 'Your Name - any format',
'user_manager' => 'sql',
'proto' => 'imaps',
'domain' => 'fqdn - including servername to match your certificate',
'host' => 'localhost',
'port' => '993',
'ssl' => true,
'novalidate_cert' => true,
'mbroot' => '',
'add_domain_to_username' => false,
'create_email_account' => false,
'auto_check_email' => false,
'groups' => array('Everyone'),
'visible_groups' => array('Everyone'),
'modules_read' => array('email', 'addressbook', 'calendar', 'summary'),
'modules_write' => array()

The last 8 options relate to automatic setup of email checking from inside groupoffice and also to other default options of users so these can be changed to your preference - ie don't play a part in the authentication settings.  I want users to setup email in groupoffice manually.

NOTE: If you are editing the existing files make sure that you change the comment fields from the inbuilt - ie currently the auth_sources array that is not commented (/*.....*/) is the one named Group-Office Database

Then edit /opt/groupoffice/config.php and add the name of your auth_sources file to the $config option like:

Code: [Select]

$config['auth_sources']='/opt/groupoffice/html/name_of_your_edited_auth_source_file';
I am imaging the admin user will also be in this config file, so will come back to this thread if I find a way to link the admin and the groupoffice admin.

Cheers, shell

[shell]

OK, had a brainwave - recalled something about the first user setup is the administrator, so used phpmyadmin to remove the user with id of 1 and made my sme user of choice id1 - now administrator of groupoffice.

all good in the hood... plus its friday

[kevinb]

Hello everyone,

I was excited to see some instructions on how to use authentification against the SME server.

But alas, I tried to follow these instructions on a fresh virtual machine install of SME and i can't get it to work. I am always confronted with

Wrong username or password

Here is my /opt/groupoffice/config.php:

$config['auth_sources']='/opt/groupoffice/html/auth_sources.inc';

Here is my entire /opt/groupoffice/auth_sources.inc file:

<?php
$auth_sources[] =
        array(
        'type' => 'email',
        'name' => 'stdg.lan',
        'user_manager' => 'sql',
        'proto' => 'imaps',
        'domain' => 'oo.stdg.lan',
        'host' => 'localhost',
        'port' => '993',
        'ssl' => true,
        'novalidate_cert' => true,
        'mbroot' => '',
        'add_domain_to_username' => false,
        'create_email_account' => true,
        'auto_check_email' => true,
        'groups' => array('Everyone'),
        'visible_groups' => array('Everyone'),
        'modules_read' => array('email', 'filesystem', 'addressbook', 'calendar', 'bookmarks', 'notes', 'summary'),
        'modules_write' => array()
        );
?>

I would greatly appreciate any help.

Thank you


Kevin

[steever]

Thanks so much Shell!

I'm stoked.  It works so well - better than horde and open xchange!  It should be the default email program for SME Server.

Here's my auth_sources ...

<?php
$auth_sources[] =
   array(
   'type' => 'email',                     
   'name' => 'schoolname.edu.au',
   'user_manager' => 'sql',
   'proto' => 'imap',
   'domain' => 'schoolname.edu.au',
   'host' => 'localhost',
   'port' => '993',
   'ssl' => true,
   'novalidate_cert' => true,
   'mbroot' => '',
   'add_domain_to_username' => false,
   'create_email_account' => true,
   'auto_check_email' => true,
   'groups' => array('Everyone'),
   'visible_groups' => array('Everyone'),
   'modules_read' => array('email', 'filesystem', 'addressbook', 'calendar', 'bookmarks', 'notes', 'summary'),
   'modules_write' => array()
   );

There's no need to have the full server.domain.com for domain.  Having create email address set to true works a treat as well.  Thanks to everyone who though long and hard about this.

Kevin:  try imap instead of imaps 

[kevinb]

WooHoo! That worked!

Thanks Steever

[p-jones]

Shell

This is excellent stuff adding another level of useability to this great package.

Do you know if the mods you have outlined will survive a reconfigure or an update ?

Cheers
Peter

[steever]

Do you know if the mods you have outlined will survive a reconfigure or an update ?

Only two files are changed, so an update, even a GO update, shouldn't hurt anything.  I did a reconfigure and reboot, no problems mate.

OK, had a brainwave - recalled something about the first user setup is the administrator, so used phpmyadmin to remove the user with id of 1 and made my sme user of choice id1 - now administrator of groupoffice.

Better is to change the GO admin's username to administrator, then log in as SME's admin and then log back out.  Then log back in as administrator, navigate to admin's user record, and make him/her a member of the Admins group.  I found shell's method created a few ownership errors ...

I'd like to update the wiki about this, but how do I login?

[mmccarn]

Raise a bug in 'bugzilla' requesting wiki access.  Package= 'contribs.org website'; Component= 'MediaWiki'; subject= 'Request MediaWiki Login'

[berdie]

Thank you guys for this thread! Inspired from this ideas, I have released a new GroupOffice version based on 2.18-stable-1.
This release has a lot of improvements:
- new search box that searches through all Group-Office modules
- possibility to link e-mail to contacts, companies, projects etc...
- adjusting accessibility for http/https and local/public with standard SME commands
- Build for future updates with automatic backup of old files
- Build with automatic script for delete MySQL database + user, installation files and SME db entries
- and of course e-mail authentication for automatic creation of GO users with standard SME users
You can download this new release at http://wiki.contribs.org/GroupOffice
Please read the wiki for more details.
Have much fun with this brillant groupware solution! 

Dietmar

[steever]

Dietmar ....

The new release is so gut!  Well done, mate.  I say that we start a campaign to remove horde and replace it with GroupOffice.

Steve