Steps to reproduce

1. Search for php7-imap in the repo's of current distro's like openSUSE Tumbleweed
2. Lookup php-imap extension status in the formal PHP extension list

Expected behaviour

The native PHP IMAP extension appears to be deprecated.

Actual behaviour

The php-imap extension appears to have been abandoned by its maintainers and distro's like openSUSE no longer ship it.
https://wiki.php.net/todo/extensions#imap
https://bugzilla.opensuse.org/show_bug.cgi?id=1089061#c18

Roundcube and other mail apps appear to have moved to a custom PHP IMAP protocol implementation using the generic sockets extension.

Would it be possible to consider replacing this unmaintained dependency to a similar solution?
https://github.com/roundcube/roundcubemail/blob/82974289b98d2d00251e55f1719c4522598d7ef5/program/lib/Roundcube/rcube_imap_generic.php

Affected Authentication backend

IMAP

Server configuration

Operating system:
Several linux distro's i.e. openSUSE

PHP version:

7

I'd like to propose that User_External use a different 'user_backend' for the new vs old imap -- especially since the back-ends are so different, with differing data and configuration requirements.

Option 1 [protect admins still using v0.5.0 during upgrades]:

• rename the new version as OC_User_IMAP2
  • users whose app gets updated automatically with NextCloud are not required to edit config.php to get imap authentication reconfigured
  • users depending on the old version do not need to worry about breakage during app upgades
  • users who want to use the new version have to change the 'user_backend' string at the same time that they have to change all of the configuration options

Option 2 [protect admins already using v0.6.x during upgrades]:

• add back the legacy imap support as backend 'OC_User_IMAP_Legacy'
  • users who have v0.6.x working do not need to edit config.php to get imap authentication reconfigured
  • users whose app gets upgraded automatically with NextCloud can change the user_backend from OC_User_IMAP to OC_User_IMAP_Legacy instead of changing all of the other settings related to IMAP.

Option 3 [disconnect user_external from IMAP Authentication to protect admins during upgrades]:

• fork user_external v0.5.0, rename it, and rename the user_backends to avoid naming conflicts:
  imap_auth

Steps to reproduce

1. search for a user by display name (either in sharing dialogue or in user management)

Expected behaviour

users should be found by display name, not only by username/uid

Actual behaviour

you can't find users by display name anymore

It seems there has been either something changed in Nextcloud for 16 regarding the user search or it could also be related to the changes done to the sql queries in #30
@nickvergessen, as you've done most of the changes in #30, do you have an idea what's going wrong here? or do you know who could be able to help me out here? because I sadly don't (yet) have much experience with databases nor with how the Nextcloud user managment is working...

What is called when a user search / lookup is done in NC?

#73 could be related to this one as well (users are only found when sharing if the complete username is entered)... so these two together make for a horrible experience when one want's to share to users from user_external :/

Affected apps

user_external

Steps to reproduce

1. log in multiple times to the same user via user_external (WebDAV) with different capitalization of the username
2. see different folders in the file system for the different capitalizations but only one user in admin/users
3. from admin/users try to edit parameters (display name / email) and see it getting overwritten back after refresh of the page

Expected behaviour

nextcloud should handle different capitalization of usernames and don't differentiate between them, as it does for users with the user backend "database"

Actual behaviour

strange issues occure as described in "Steps to reproduce"

Server configuration detail

Operating system: Linux 4.4.0-134-generic #160-Ubuntu SMP Wed Aug 15 14:58:00 UTC 2018 x86_64

Webserver: Apache (fpm-fcgi)

Database: mysql 10.0.36

PHP version:

7.2.9-1+ubuntu16.04.1+deb.sury.org+1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, cgi-fcgi, mysqlnd, PDO, xml, apcu, apc, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, igbinary, imagick, intl, json, ldap, exif, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 14.0.0 - 14.0.0.19

Updated from an older Nextcloud/ownCloud or fresh install: updated

Where did you install Nextcloud from: official nextclou download

Enabled:
 - accessibility: 1.0.1
 - activity: 2.7.0
 - bruteforcesettings: 1.1.0
 - cloud_federation_api: 0.0.1
 - comments: 1.4.0
 - dav: 1.6.0
 - federatedfilesharing: 1.4.0
 - federation: 1.4.0
 - files: 1.9.0
 - files_external: 1.5.0
 - files_linkeditor: 1.0.7
 - files_pdfviewer: 1.3.2
 - files_rightclick: 0.8.4
 - files_sharing: 1.6.2
 - files_texteditor: 2.6.0
 - files_trashbin: 1.4.1
 - files_versions: 1.7.1
 - files_videoplayer: 1.3.0
 - firstrunwizard: 2.3.0
 - gallery: 18.1.0
 - groupfolders: 1.3.3
 - impersonate: 1.1.0
 - issuetemplate: 0.4.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.2.0
 - metadata: 0.7.0
 - nextcloud_announcements: 1.3.0
 - notifications: 2.2.1
 - oauth2: 1.2.1
 - onlyoffice: 2.0.4
 - password_policy: 1.4.0
 - previewgenerator: 1.1.0
 - provisioning_api: 1.4.0
 - quota_warning: 1.3.0
 - ransomware_protection: 1.2.0
 - serverinfo: 1.4.0
 - sharebymail: 1.4.0
 - support: 1.0.0
 - survey_client: 1.2.0
 - systemtags: 1.4.0
 - theming: 1.5.0
 - twofactor_backupcodes: 1.3.1
 - updatenotification: 1.4.1
 - user_external: 0.4
 - workflowengine: 1.4.0
Disabled:
 - admin_audit
 - announcementcenter
 - encryption
 - files_accesscontrol
 - files_automatedtagging
 - user_ldap

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "***REMOVED SENSITIVE VALUE***"
    ],
    "auth.bruteforce.protection.enabled": true,
    "0": [
        ".htaccess",
        "Thumbs.db",
        "thumbs.db"
    ],
    "cron_log": true,
    "activity_expire_days": 33,
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "14.0.0.19",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "enable_previews": true,
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\BMP",
        "OC\\Preview\\XBitmap",
        "OC\\Preview\\Movie",
        "OC\\Preview\\PDF",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\MarkDown"
    ],
    "preview_max_x": 1024,
    "preview_max_y": 768,
    "preview_max_scale_factor": 1,
    "filesystem_check_changes": 0,
    "filelocking.enabled": "true",
    "htaccess.RewriteBase": "\/",
    "integrity.check.disabled": false,
    "knowledgebaseenabled": false,
    "logfile": "\/srv\/nextclouddata\/nextcloud.log",
    "loglevel": 0,
    "logtimezone": "Europe\/Berlin",
    "log_rotate_size": 104857600,
    "maintenance": false,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "overwriteprotocol": "https",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "password": "***REMOVED SENSITIVE VALUE***",
        "port": 0,
        "timeout": 0
    },
    "quota_include_external_storage": false,
    "share_folder": "",
    "skeletondirectory": "\/srv\/nextclouddata\/presets\/",
    "theme": "",
    "trashbin_retention_obligation": "auto, 7",
    "updater.release.channel": "stable",
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "LOGIN",
    "user_backends": [
        {
            "class": "\\OCA\\User_External\\WebDAVAuth",
            "arguments": [
                "***REMOVED SENSITIVE VALUE***"
            ]
        }
    ],
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauth": 1,
    "mail_smtpport": "465",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpsecure": "ssl",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***"
}

Are you using external storage, if yes which one: webdav

Are you using encryption: false

Are you using an external user-backend, if yes which one: WebDAV

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0

Operating system: Win 10

Logs

not relevant

Not sure where i should re-create my issue from owncloud?
--> owncloud-archive/apps#2093

Steps to reproduce

1. Configure IMAP backend for authentication, with SSL

Expected behaviour

User should be able to maintain the session open more than 5 minutes

Actual behaviour

Sessions are closed after 5 minutes

Affected Authentication backend

IMAP (at least)

Server configuration

0.6.1
Ubuntu 18.04
Apache
Mariadb
7.0.33
Nextcloud 15.0.7
Updated from previous version

Steps to reproduce

1. Use "OC_User_BasicAuth" class.
2. Login with a URL with basic auth that redirects upon successful login attempt.

Expected behaviour

Login should also succeed with 3xx redirect status codes.

Actual behaviour

Only succeeds by receiving 2xx status codes.

Affected Authentication backend

OC_User_BasicAuth

Server configuration

Operating system:
Ubuntu 18.04

Web server:
Nginx

Database:
MySQL

PHP version:
7.2

Nextcloud version: (see Nextcloud admin page)
15.0.5

Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install

Where did you install Nextcloud from:
From official zip.

occ app:check-code user_external

Analysing /var/www/html/apps/user_external/lib/smb.php
 3 errors
    line   45: OCP\Util::writeLog - Method of deprecated class must not be called
    line   56: != - is discouraged
    line   58: OCP\Util::writeLog - Method of deprecated class must not be called
Analysing /var/www/html/apps/user_external/lib/base.php
 8 errors
    line    9: OC_DB - private class must not be imported with a use statement
    line   43: OC_DB - Static method of private class must not be called
    line   58: OC_DB - Static method of private class must not be called
    line   77: OC_DB - Static method of private class must not be called
    line  102: OC_DB - Static method of private class must not be called
    line  139: OC_DB - Static method of private class must not be called
    line  157: OC_DB - Static method of private class must not be called
    line  173: OC_DB - Static method of private class must not be called
Analysing /var/www/html/apps/user_external/lib/webdavauth.php
 3 errors
    line   31: OCP\Util::writeLog - Method of deprecated class must not be called
    line   37: == - is discouraged
    line   38: OCP\Util::writeLog - Method of deprecated class must not be called
Analysing /var/www/html/apps/user_external/lib/imap.php
 6 errors
    line   45: OCP\Util::writeLog - Method of deprecated class must not be called
    line   55: OC_DB - Static method of private class must not be called
    line   69: != - is discouraged
    line   71: == - is discouraged
    line   73: == - is discouraged
    line   73: == - is discouraged
Analysing /var/www/html/apps/user_external/lib/ftp.php
 1 errors
    line   49: OCP\Util::writeLog - Method of deprecated class must not be called
Invalid appinfo.xml file found: Element 'description': This element is not expected. Expected is one of ( name, summary ).

App is not compliant

Authentication using user_external modules can be costly, especially in case of a remote authenticating server addressed over Internet. It might be beneficial in such setup to cache the fact that a specific pair ($uid,$passord) was recently checked and is valid. Of course, such caching should be disabled by default, and the default cache validity time should be low enough (say, 1 minute).

Is your feature request related to a problem? Please describe.
Nextcloud users are in Samba AD DC. Nextcloud is connected via smbclient user_external. The login box in Nextcloud says "Username or email", so users randomly use one (username) or the other ([email protected]). Then Nextcloud creates in the Users section in setting both users "username" and "[email protected]". When the user enters again the Nextcloud repository with the different variant of their username calls me asking where are their files. Files are in the first approach the user used.

Describe the solution you'd like
IMHO several solutions may be used:

1. The user_external app (in my case OC_User_SMB) may check on login if "username" and "[email protected]" have the same ADDC id (or some other unique id in the backend consulted) and then treat as just one user, and redirect any of them to the first user profile created.

2. Give the admin the option to introduce the default domain(s) (in this example "domain.com") to use in the user_external OC_User_SMB config, so any plain "username" used will be treated as "[email protected]" and the profile created will be for "[email protected]". Any access of "username" and "[email protected]" will be going to the profile created for "[email protected]". If defined as an array the admin could give more than one domain that will treat all users as the same users, e.g. username = [email protected] = [email protected].

Describe alternatives you've considered

1. Rewrite the loginbox auxiliary text to just allow the email or the username.
2. Create a symlink to redirect the profile to the previously created one.
3. Disable the user created after the first one. E.g. Disabling the profile/user created in Nextcloud after "username" logged in and let "[email protected]" as the valid user/profile. This prevents further uses of the former variant of the user name. I have used this approach, but users call me asking why their id are disabled.

Additional context
In the case I'm using (Nextcloud + Samba ADDC) users are validated against the Samba backend.

A. All users have a "username" and a "[email protected]" that match with the Samba ADDC domain (domain.com) [case A].

B. There are some users that have a declared email that doesn't match that domain (e.g. [email protected]), this email is declared and stored in the "mail" field in the Samba ADDC [case B].

Nextcloud user_external OC_User_SMB allows those all users to login with:

1. username
2. [email protected]
   and in case B also with: 3. [email protected]

1, 2 (and 3) are the same user in Samba ADDC. IMHO there should be a way to consolidate them as just one user in Nextcloud with the user_external OC_User_SMB app, and in line with this, create just one profile/user in the Nextcloud DB and data folder.

This is Nextcloud 14.0.10
Ubuntu 16.04
PostgreSQL 9.5
Php 7
Samba 4.3

To reproduce:

• Install Nextcloud
• Install user_external app
• Configure the app to authenticate against a Samba ADDC
• Login with an username from Samba.
• Login with an username (email-style) from Samba.
• Login with an email declared in a Samba user that is different from the default username (email-style) Samba user name.
• Access as admin the Users admin interface, you should see 3 different users (username, [email protected] and [email protected]). All that three users to Nextcloud which are the same user in Samba can login and store file independently as unrelated users in Nextcloud.

Steps to reproduce

1. Install Nextcloud 15.0.5 and user_external 0.5.1
2. Create users (i.e., login with IMAP credentials) that have a UID without domain part in oc_users_external (e.g. '[email protected]' -> UID 'user')
3. Upgrade user_external to 0.6.1 and update the config.php accordingly
4. Login does not work and instead creates a new user with '[email protected]' UID

Expected behaviour

The login with '[email protected]' should connect to the original 'user' UID or the UID of the original user should be updated system-wide to include the domain part.

Actual behaviour

The login succeeds but creates a brand new user with a different UID. Accessing the old user does not work even after reverting to 0.5.1. Now, even with 0.5.1, the new users are created with the domain part in the UID.

Affected Authentication backend

IMAP

Server configuration

User External App version: 0.5.1 and 0.6.1 (0.6.0 does not work either)

Operating system: Debian 9

Web server: Nginx 1.10.3

Database: MariaDB 10.1.37

PHP version: 7.0.33-0+deb9u3

Nextcloud version: 15.0.5

Updated from an older Nextcloud/ownCloud or fresh install: Updated

Where did you install Nextcloud from: Official release

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - accessibility: 1.1.0
  - activity: 2.8.2
  - admin_audit: 1.5.0
  - bruteforcesettings: 1.3.0
  - cloud_federation_api: 0.1.0
  - comments: 1.5.0
  - dav: 1.8.1
  - federatedfilesharing: 1.5.0
  - federation: 1.5.0
  - files: 1.10.0
  - files_pdfviewer: 1.4.0
  - files_sharing: 1.7.0
  - files_texteditor: 2.7.0
  - files_trashbin: 1.5.0
  - files_versions: 1.8.0
  - files_videoplayer: 1.4.0
  - firstrunwizard: 2.4.0
  - gallery: 18.2.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.3.0
  - nextcloud_announcements: 1.4.0
  - notifications: 2.3.0
  - oauth2: 1.3.0
  - password_policy: 1.5.0
  - provisioning_api: 1.5.0
  - richdocuments: 3.2.4
  - serverinfo: 1.5.0
  - support: 1.0.0
  - survey_client: 1.3.0
  - systemtags: 1.5.0
  - theming: 1.6.0
  - twofactor_backupcodes: 1.4.1
  - twofactor_totp: 2.1.2
  - updatenotification: 1.5.0
  - user_external: 0.5.1
  - workflowengine: 1.5.0
Disabled:
  - encryption
  - files_external
  - sharebymail
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "dat.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/dat.exmaple.com",
        "dbtype": "mysql",
        "version": "15.0.5.3",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpsecure": "ssl",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "user_backends": [
            {
                "class": "OC_User_IMAP",
                "arguments": [
                    "{mail.exmaple.com:143\/imap\/readonly\/tls}"
                ]
            }
        ]
    }
}

can we get travis and drone CI for this Repo? (as it was in the apps repo)
What are the steps to be done?
@jancborchardt @MariusBluem Who is the right person to ask here?

Affected apps

This afflicts the smb login backend of user_external. It also applies to external storage so I'm not sure where to post this.

Expected behaviour

Use the Samba user "[email protected]" to login to NextCloud.

Actual behaviour

Login fails because the username is improperly escaped (I assume) and so the "@" causes it to fail. The login works fine with the (separately added) user "myuser."

Steps to reproduce

1. Set up Samba
2. smbpasswd -a "[email protected]", smbpasswd -a "myuser"
3. Set password
4. Try login from connected NextCloud. "myuser" works, "[email protected]" doesn't.

Server configuration

NGINX: nginx/1.10.3

PHP
Version: 7.1.2
Memory Limit: 512.0 MB
Max Execution Time: 10800
Upload max size: 10.0 GB

Database
Type: mysql
Version: 10.1.21
Size:

NextCloud version: 11.0.2.7

Logs

Web server error log

Nothing - though that might be down to container settings

ownCloud log (data/owncloud.log)

{"reqId":"t13LpmruSZpw0FvUqaQ1","remoteAddr":"192.168.3.87","app":"core","message":"Login failed: '[email protected]' (Remote IP: '192.168.3.87')","level":2,"time":"2017-03-13 12:25:26","method":"POST","url":"\/login?user=myuser%40something.com","user":"--","ver
sion":"11.0.2.7"}

SAML/SSO and LDAP are configurable via webinterface and config.php. We should make this possible for backends like IMAP and FTP too ...

@nextcloud/user_external

Affected apps

user_external

Steps to reproduce

Upgrade from Nextcloud-14.0.4 to Nextcloud-15.0

Expected behaviour

user_external should work

Actual behaviour

user_external can't be enable because version 0.4, which is embebbed, in nc-15.0 doesn't support nc-15.0.
"apps/user_external/appinfo/info.xml":
<nextcloud min-version="13" max-version="14" />

I tried do simply modify max-version to 15 and it seems working (with IMAP authentification in my case).

more than one domain should be allowed to be configured as valid imap auth domain in config.php:

'user_backends' => array(
array(
'class' => 'OC_User_IMAP',
'arguments' => array(
'{127.0.0.1:143/imap/readonly}', 'example1.com, example2.com, example3.com'
),
),
),

alternatively:

'user_backends' => array(
array(
'class' => 'OC_User_IMAP',
'arguments' => array(
'{127.0.0.1:143/imap/readonly}',
'example1.com',
'example2.com',
'example3.com'
),
),
),

lets say i authenticate users against two independent imap servers,
id like to automatically join new users of each imap server to their own configurable group, call it Group A and Group B, where the group itself is not forcefully linked to the imap server they authenticate, but rather another configuration option within the imap server backend configuration array to set the group name to join the user into.

thanks

Affected apps

imap backend

Steps to reproduce

This is a copy over from nextcloud/server#12703

On a nextcloud 14.0.4 installation:

Everytime there seems to be a hickup with the imap server all the app passwords are lost.

This is especially bad, as the nexctloud client retries to auth with the lost app password, where nextcloud then tries to re-auth at the imap server, which might get you eventually locked, because of too many wrong login attempts.

@ChristophWurst mentioned:

On a second thought I'm wondering if it shouldn't be the IMAP user back-end that can store known
users and handle these cases properly with an exception that makes the instance inaccessible in
general as long as the user back-end is unavailable.

If the user back-end tells Nextcloud "this password is wrong" then Nextcloud will do its "wrong
password" procedure.

Hi!
Try enable User authentication with IMAP
In config.php set this

'user_backends' => array(
array(
'class' => 'OC_User_IMAP',
'arguments' => array(
'{imap.gmail.com:143/imap/readonly}', 'gmail.com'
),
),
),
And try login to my nextcloud with gmail credentials

Actual behaviour

get error in nextcloud/data/nextcloud.log
{"reqId":"BxNNonT7i6PQchT7C87r","level":3,"time":"2019-03-11T13:57:16+00:00","remoteAddr":"104.248.27.211","user":"--","app":"user_external","method":"POST","url":"/login","message":"ERROR: IMAP Error: Array\n(\n [0] => Connection failed to gmail-imap.l.google.com,143: Connection timed out\n [1] => Connection failed to gmail-imap.l.google.com,143: Connection timed out\n [2] => Can't connect to gmail-imap.l.google.com,143: Cannot assign requested address\n)\n","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","version":"15.0.5.3"}
{"reqId":"BxNNonT7i6PQchT7C87r","level":2,"time":"2019-03-11T13:57:16+00:00","remoteAddr":"104.248.27.211","user":"--","app":"core","method":"POST","url":"/login","message":"Login failed: '[email protected]' (Remote IP: '104.248.27.211')","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36","version":"15.0.5.3"}
-->

Operating system:
Debian 9

Web server:
nginx
Database:
mysql
PHP version:
php7.0
Nextcloud version: (see Nextcloud admin page)
15
Updated from an older Nextcloud/ownCloud or fresh install:
fresh install
Where did you install Nextcloud from:
bare-metal server

Steps to reproduce

1. Upgrade user_external app from admin panel
2. Run the updater in web UI
3. Server breaks down

Expected behaviour

Everything should keep working

Actual behaviour

Can't login or use occ command

Affected Authentication backend

Using IMAP backend

Server configuration

Operating system:
Docker debian

Web server:
apache
Database:
MySQL
PHP version:
7.1
Nextcloud version: (see Nextcloud admin page)
15
Updated from an older Nextcloud/ownCloud or fresh install:
update
Where did you install Nextcloud from:
Docker hub

Logs

Nextcloud log (data/nextcloud.log)

An unhandled exception has been thrown:
OCP\AutoloadNotAllowedException: Autoload path not allowed: /var/www/html/apps/user_external/lib/imap.php in /var/www/html/lib/autoloader.php:137
Stack trace:
#0 /var/www/html/lib/autoloader.php(162): OC\Autoloader->isValidPath('/var/www/html/a...')
#1 [internal function]: OC\Autoloader->load('OC_User_IMAP')
#2 [internal function]: spl_autoload_call('OC_User_IMAP')
#3 /var/www/html/lib/private/legacy/user.php(138): class_exists('OC_User_IMAP')
#4 /var/www/html/lib/base.php(721): OC_User::setupBackends()
#5 /var/www/html/lib/base.php(1068): OC::init()
#6 /var/www/html/console.php(46): require_once('/var/www/html/l...')
#7 /var/www/html/occ(11): require_once('/var/www/html/c...')
#8 {main}[

Affected apps

user_external

Steps to reproduce

1. create local users and users with external user backend (webdav)
2. create groups with different composations of the above users
3. see that for all users only the local users are counted, but for the group all users

Expected behaviour

all users should count the total of all usersers regardless of the backend

Actual behaviour

only local users are counted, users from external user backend (webdav) are not

Server configuration

Operating system: ubuntu 16.04

Web server: apache2

Database: mariaDB

PHP version: 7.2

Nextcloud version: 13.0.2

Updated from an older Nextcloud/ownCloud or fresh install: fresh

Where did you install Nextcloud from: nextcloud.com download

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - activity: 2.6.1
  - admin_notifications: 1.0.1
  - bruteforcesettings: 1.0.3
  - comments: 1.3.0
  - dav: 1.4.6
  - federatedfilesharing: 1.3.1
  - federation: 1.3.0
  - files: 1.8.0
  - files_automatedtagging: 1.3.0
  - files_external: 1.4.1
  - files_pdfviewer: 1.2.1
  - files_rightclick: 0.8.4
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - groupfolders: 1.2.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - metadata: 0.6.0
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - quota_warning: 1.2.0
  - ransomware_protection: 1.1.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - survey_client: 1.1.0
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - user_external: 0.4
  - workflowengine: 1.3.0
Disabled:
  - admin_audit
  - encryption
  - files_accesscontrol
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "auth.bruteforce.protection.enabled": true,
        "0": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db"
        ],
        "cron_log": true,
        "activity_expire_days": 33,
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "13.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Movie",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown"
        ],
        "preview_max_x": 1024,
        "preview_max_y": 768,
        "preview_max_scale_factor": 1,
        "filesystem_check_changes": 0,
        "filelocking.enabled": "true",
        "htaccess.RewriteBase": "\/",
        "integrity.check.disabled": false,
        "knowledgebaseenabled": false,
        "logfile": "\/var\/nc_data\/nextcloud.log",
        "loglevel": 0,
        "logtimezone": "Europe\/Berlin",
        "log_rotate_size": 104857600,
        "maintenance": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "overwriteprotocol": "https",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "quota_include_external_storage": false,
        "share_folder": "",
        "skeletondirectory": "\/srv\/nextclouddata\/presets\/",
        "theme": "",
        "trashbin_retention_obligation": "auto, 7",
        "updater.release.channel": "stable",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "user_backends": [
            {
                "class": "\\OCA\\User_External\\WebDAVAuth",
                "arguments": [
                    "***REMOVED SENSITIVE VALUE***"
                ]
            }
        ],
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***"
    }
}

Are you using external storage, if yes which one: webdav

Are you using encryption: no

Are you using an external user-backend, if yes which one: Webdav

Client configuration

Browser: Firefox 59

Operating system: Win 10

Logs

Web server error log

Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Insert your Nextcloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

phpunit tests are not (yet) working
we should make them work, so we can execute them automatically in travis CI
any help is appreciated
see #31 for what I tried (#31 (comment))
cc @MorrisJobke @rullzer @nickvergessen

Affected apps

user_external

Steps to reproduce

1. Use OC_User_IMAP for authentication
   {imapserver:143/imap/tls/readonly}
2. Disable TLSv1 on the IMAP server remaining TLSv1.1 and TLSv1.2

See closed issue for Nectcloud nextcloud/server#10328

Affected apps

Nextcloud-14.0.4 (at least)
user_external

Steps to reproduce

1. Create a local user (in my case [email protected])
2. Enable user_external and configure IMAP auth
3. Login with IMAP credentials

Actual behaviour (modified user names and IPs)

I enabled IMAP authentication for my (locally existing) users.
Initial login with IMAP credentials is fine:

Dec 15 22:49:08 srv-mail-1 dovecot: imap-login: Login: user=[email protected], method=PLAIN, rip=192.168.0.201, lip=192.168.0.202, mpid=4153, TLS, session=<kLF3hBZ9bq/AqADJ>
Dec 15 22:49:08 srv-mail-1 dovecot: imap([email protected]): Logged out in=15 out=436

After several minutes (even while using / browsing) you're getting logged out. The logfile contains the following error:

{"reqId":"bAkH7FHnR1VCysvgycVc","level":2,"time":"2018-12-15T21:54:14+00:00","remoteAddr":"a.b.c.d","user":"[email protected]","app":"core","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Login failed: '[email protected]' (Remote IP: 'a.b.c.d')","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36","version":"14.0.4.2"}

However, the mail log is fine - no errors / failed logins but also no login attemps.

The problem is the same/similar when using the desktop client - initial sync is fine but subsequent login attemps fail with the same error.

If I should really collect all the information requested in this template please let me know - thanks.

Steps to reproduce

1. Enable External Users
2. Set user backends
   'user_backends' =>
   array (
   0 =>
   array (
   'class' => 'OC_User_IMAP',
   'arguments' =>
   array (
   0 => '{:993/imap/ssl/novalidate-cert}',
   ),
   ),
   ),
3. Log in with an IMAP backed account, and even if you keep browsing the folders and files continuously, the session expires after 5 minutes.
4. Use a non-IMAP user, do the same and the session does not expire after 5 minutes.

Expected behaviour

Session should not expire while user is active, regardless if user is backed by IMAP.

Actual behaviour

Session expires for IMAP users after 5 minutes, even if they are being active all the time.

Server configuration

Operating system: FreeBSD 11.2

Web server: Apache 2.4.34

Database: mysql 5.6.41

PHP version: 5.6.37

Nextcloud version: 13.0.6

Updated from an older Nextcloud/ownCloud or fresh install: Updated from 13.0.4 (freshly installed 13.0.4 had the same behaviour)

Where did you install Nextcloud from: Downloaded from nextcloud.com, updated with built-in updater.

Signing status:

List of activated apps:

Nextcloud configuration:

Are you using external storage, if yes which one: NONE

Are you using encryption: no

Are you using an external user-backend, if yes which one: OC_User_IMAP

Client configuration

Browser: Firefox, Chrome

Operating system: Linux, Windows

Logs

Web server error log

Nextcloud log (data/nextcloud.log)

Browser log

Affected apps

user_external

Steps to reproduce

1. Create a Local user with a name
2. Create an external user by logging in one time, eg. with IMAP
3. Search for a part of the Name.

Expected behaviour

When Searching for "Doe" I would expect to find all users called John Doe using the User Management Tool of NC, no matter it's a local or external User.

Actual behaviour

A Search Query "Doe" won't find John Doe, if he's an external User. If he's a local User the Match will be fuzzy, eg. $search . "%" vs "%" . $search . "%"

Server configuration

Operating system:

Ubuntu 16.04

Web server:

Apache 2.4

Database:

Mysql

PHP version:

5.6.35

Server version: (see your admin page)

10.0.6, but reproduceable with 12.0.7, too

Updated from an older installed version or fresh install:

Updated since OC

Are you using encryption: yes/no

no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

IMAP

Client configuration

Browser:

various (Chromium, Safari etc)

Operating system:

Linux, OSX etc

I made a pull Request to fix this behaviour, please check nextcloud/apps#51

@violoncelloCH we should discuss PSR4 and autoloading at some point. This isn't necessary anymore if the class files are named correctly 🚀

Originally posted by @ChristophWurst in #37

ref: https://docs.nextcloud.com/server/stable/developer_manual/app/classloader.html#psr-4-autoloading

For security reasons would be great to add possibility limit OC_User_IMAP (or other methods as well) for specified domain(s) to avoid trying login with not-alowed email domains.

And add control function to check if login email domain belongs under alowed domains list. If not, do not try to ask IMAP for login.

Steps to reproduce

1. Use user_external with IMAP authentication and no domain in username.

Expected behaviour

No errors.

Actual behaviour

Nextcloud logging the following error on every IMAP password check;

Undefined variable: groups at /var/www/localhost/htdocs/cloud/apps/user_external/lib/imap.php#101

In lib/imap.php for usernames without domains the groups array/variable is not setup at ($this->groupDomain && $pieces[1]) { $groups[] = $pieces[1]; } and hence $this->storeUser($uid, $groups); needs groups previously defined to null or guarded.

Affected Authentication backend

IMAP

Server configuration

User External App version: 0.6.3 plus pull #83

Operating system: Gentoo

Web server: Cherokee

Database: MariaDB

PHP version: 7.1.30

Nextcloud version: 15.0.8

Updated from an older Nextcloud/ownCloud or fresh install: Updated

Where did you install Nextcloud from: Source

@violoncelloCH @MorrisJobke @rullzer @nextcloud/user_external we should probably put the app in the app store, right?

@violoncelloCH do you want to do that? :)

If "user_external" does not work, no user can currently log on.
Please add something like this.
If the user login is accepted by IMAP and if user not available create the user, otherwise replace the login credentials in the Nextcloud database with the password of the accepted login. Then add a "need IMAP Login" flag to the accounts created by Imap.

If a user login matches a login already available in the nextcloud database but Imap does not accept it, mark the user in the backend with a "Maybe a login problem" accept the login and tell this administrator. This allows the administrator to check whether an account is no longer available and should be removed from Nextcloud.
If the IMAP server is unavailable, but the login credentials are correct and no flag "Maybe a login problem" is available, allow the user to log in (and assume that there are only temporary connection problems). If "user_external" is disabled, all users remain in the Nextcloud database and can continue logging in.

Followup of closed issue #3

If it is not a supported use case to overtake local nextcloud users, this is a security issue (that it's possible to access the local users files even if you get logged out after several minutes). However, you should consider fixing this in one way or the other rather than simply closing the issue.

During reviewing #54 (and experimenting with it), I just remarked that a wrong configuration of OC_User_BasicAuth could lead to a potential security issue:

If an admin configures an URL to authenticate against, where no basic authentication happens at all but the server responds with a 200 response immediately on each request, everyone can login with any username/password combinations.
It's even possible to login with usernames registered under other backends (e.g. a username registered as a regular Nextcloud user; you can just use anything as password and get access to this user account as well).

It could even be the case, that something changes on the side of the requested web server over time and the admin wouldn't remark it at all (that his Nextcloud is open to anyone) until he/she explicitly tests wrong username/password combinations

I wonder, if we could somehow check, if the requested web server does an authentication at all and otherwise not allow access. If not, we should at least add a warning to the documentation.
What do you think @nerdmaennchen ?

Hello,
What can I do to either rename username and make an IMAP user a regular user, or disable IMAP for a certain user and set a password inside nextcloud?

NC-14.0.4 to NC15.0.0

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- user_external
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Signature data not found.

Raw output
==========
Array
(
    [user_external] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Signature data not found.
                )

        )

)

Please allow to set up a forgotten password link to config.php to be able to let user reset their own password by the login-backend provider.
eg.

# Enter a Link to replace Password forgotten with. 
# ( {MAIL_USERNAME} get replaced by the text field value)
'user_backend_forgotten' => 'https://example.com/forgottenpage/forgottenscript.php?username={MAIL_USERNAME}&email={MAIL_USERNAME}'

Steps to reproduce

Add in the config.php several Imap backends (and activate the app).

Expected behaviour

Can connect with emails located in any of the servers configured in config.php

Actual behaviour

If the mail is located on the first backend, it works, I can connect.
If the mail is located in any backend that is not first in the list, I can't connect.

It was working in NC12.
I upgraded to NC13 (didn't test that particular feature), then to NC14.

Server configuration detail

Operating system: Linux 4.9.0-0.bpo.2-amd64 #1 SMP Debian 4.9.18-1~bpo8+1 (2017-04-10) x86_64

Webserver: nginx/1.14.0 (fpm-fcgi)

Database: Mariadb 10.0.36

PHP version:

7.0.32-1~dotdeb+8.1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, igbinary, mysqlnd, PDO, xml, apcu, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, imap, intl, json, ldap, exif, mcrypt, mysqli, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, readline, redis, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 14.0.1 - 14.0.1.1

Updated from an older Nextcloud/ownCloud or fresh install: Updated from Nc12 to Nc13, then to Nc14

Where did you install Nextcloud from: deb package from http://apt.jurisic.org/debian/ stretch main contrib non-free

Enabled:
 - accessibility: 1.0.1
 - activity: 2.7.0
 - admin_audit: 1.4.0
 - announcementcenter: 3.3.1
 - apporder: 0.5.0
 - bookmarks: 0.13.1
 - bruteforcesettings: 1.1.0
 - calendar: 1.6.1
 - checksum: 0.4.1
 - cloud_federation_api: 0.0.1
 - comments: 1.4.0
 - contacts: 2.1.3
 - dav: 1.6.0
 - deck: 0.4.1
 - drawio: 0.9.1
 - federatedfilesharing: 1.4.0
 - files: 1.9.0
 - files_downloadactivity: 1.3.0
 - files_external: 1.5.0
 - files_pdfviewer: 1.3.2
 - files_retention: 1.3.0
 - files_rightclick: 0.8.4
 - files_sharing: 1.6.2
 - files_texteditor: 2.6.0
 - files_trashbin: 1.4.1
 - files_versions: 1.7.1
 - files_videoplayer: 1.3.0
 - flowupload: 0.0.8
 - gallery: 18.1.0
 - issuetemplate: 0.4.0
 - lookup_server_connector: 1.2.0
 - mail: 0.10.0
 - metadata: 0.7.0
 - mindmaps: 0.1.0
 - notifications: 2.2.1
 - oauth2: 1.2.1
 - ownpad: 0.6.8
 - password_policy: 1.4.0
 - polls: 0.8.3
 - provisioning_api: 1.4.0
 - quota_warning: 1.3.0
 - ransomware_protection: 1.2.0
 - richdocuments: 2.0.8
 - serverinfo: 1.4.0
 - sharebymail: 1.4.0
 - socialsharing_email: 1.0.4
 - spreed: 4.0.0
 - survey_client: 1.2.0
 - systemtags: 1.4.0
 - tasks: 0.9.7
 - theming: 1.5.0
 - twofactor_backupcodes: 1.3.1
 - user_external: 0.4
 - workflowengine: 1.4.0
Disabled:
 - federation
 - firstrunwizard
 - impersonate
 - passman

{
    "trusted_domains": [
        "aaa.bbb",
        "ccc.ddd"
    ],
    "activity_expire_days": 180,
    "appstoreenabled": false,
    "appstore.experimental.enabled": true,
    "auth.bruteforce.protection.enabled": true,
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "data-fingerprint": "",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "dbtableprefix": "oc_",
    "dbtype": "mysql",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "default_language": "fr",
    "hashingCost": 10,
    "htaccess.RewriteBase": "\/",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "integrity.check.disabled": true,
    "logfile": "\/var\/log\/nextcloud\/commune.log",
    "logtimezone": "Europe\/Brussels",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_smtpport": 25,
    "maintenance": false,
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "minimum.supported.desktop.version": "2.1.0",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
    "preview_max_filesize_image": 5,
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trashbin_retention_obligation": "60, 90",
    "updatechecker": false,
    "upgrade.disable-web": false,
    "user_backends": [
        {
            "class": "OC_User_IMAP",
            "arguments": [
                "{imap.xxx.yyy:993\/imap\/ssl}INBOX"
            ]
        },
        {
            "class": "OC_User_IMAP",
            "arguments": [
                "{imap.zzz.aaa:993\/imap\/ssl}INBOX"
            ]
        },
        {
            "class": "OC_User_IMAP",
            "arguments": [
                "{imap.ccc.ddd:993\/imap\/ssl}INBOX"
            ]
        }
    ],
    "version": "14.0.1.1",
    "versions_retention_obligation": "60, 90",
    "loglevel": 2,
    "overwrite.cli.url": "https:\/\/cloud.xxx.yyy"
}

Are you using external storage, if yes which one:

Are you using encryption: false

Are you using an external user-backend, if yes which one: IMAP

Client configuration

Browser: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

Operating system: Debian 9

Logs

Nothing.
Just the login page that shows this error:

Internal Server Error
The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.

Nginx Log:
---------------
In nginx/access/log:
xxx.yyy.zzz.aaa - - [15/Oct/2018:22:19:24 +0200] "POST /login HTTP/1.1" 303 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" "cloud.collectifs.net"

Nothing in nginx/error.log

Nextcloud log:
--------------------
{"reqId":"hQBPnUXTsWyQPfetIWGs","level":3,"time":"2018-10-15T22:11:16+02:00","remoteAddr":"xxx.yyy.zzz.aaa","user":"--","app":"index","method":"POST","url":"\/login","message":{"Exception":"OC\\User\\NoUserException","Message":"Backends provided no user object","Code":0,"Trace":[{"function":"getUserFolder","class":"OC\\Files\\Node\\Root","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/Files\/Node\/LazyRoot.php","line":64,"function":"call_user_func_array","args":[[{"__class__":"OC\\Files\\Node\\Root"},"getUserFolder"],["*** sensitive parameter replaced ***"]]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/Files\/Node\/LazyRoot.php","line":281,"function":"__call","class":"OC\\Files\\Node\\LazyRoot","type":"->","args":["getUserFolder",["*** sensitive parameter replaced ***"]]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/Server.php","line":1370,"function":"getUserFolder","class":"OC\\Files\\Node\\LazyRoot","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/User\/Session.php","line":501,"function":"getUserFolder","class":"OC\\Server","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/User\/Session.php","line":372,"function":"prepareUserLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/home\/nextcloud\/instances\/commune\/core\/Controller\/LoginController.php","line":321,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":166,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/home\/nextcloud\/instances\/commune\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/home\/nextcloud\/instances\/commune\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/home\/nextcloud\/instances\/commune\/lib\/private\/Files\/Node\/Root.php","Line":368,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:62.0) Gecko\/20100101 Firefox\/62.0","version":"14.0.1.1"}

Steps to reproduce

1. Install NC 15.07 + users_external
2. Configure IMAP Server
3. Login once with an Imap user, so a record gets inserted to *users_external
4. Try to share a Directory ort File and search for the uid (aka. E-Mail Address)

Expected behaviour

The IMAP User Record should appear after starting to type the E-Mail Address

Actual behaviour

The IMAP User only get's displayed after entering the complete E-Mail Address

Affected Authentication backend

IMAP

Server configuration

User External App version: (see Nextcloud apps page)

0.6.1

Operating system:

Ubuntu 18.04

Web server:

Apache

Database:

MariaDB 10.1

PHP version:

7.1-7.3

Nextcloud version: (see Nextcloud admin page)

15.0.7

Updated from an older Nextcloud/ownCloud or fresh install:

Updated, but probably happens on fresh install as well.

Where did you install Nextcloud from:

update Channel

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - accessibility: 1.1.0
  - activity: 2.8.2
  - admin_audit: 1.5.0
  - bruteforcesettings: 1.3.0
  - calendar: 1.6.5
  - cloud_federation_api: 0.1.0
  - comments: 1.5.0
  - contacts: 3.1.1
  - dav: 1.8.1
  - federatedfilesharing: 1.5.0
  - federation: 1.5.0
  - files: 1.10.0
  - files_pdfviewer: 1.4.0
  - files_sharing: 1.7.0
  - files_texteditor: 2.7.0
  - files_trashbin: 1.5.0
  - files_versions: 1.8.0
  - files_videoplayer: 1.4.0
  - gallery: 18.2.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.3.0
  - nextcloud_announcements: 1.4.0
  - notifications: 2.3.0
  - oauth2: 1.3.0
  - password_policy: 1.5.0
  - provisioning_api: 1.5.0
  - richdocuments: 3.2.4
  - serverinfo: 1.5.0
  - support: 1.0.0
  - survey_client: 1.3.0
  - systemtags: 1.5.0
  - tasks: 0.9.8
  - theming: 1.6.0
  - twofactor_backupcodes: 1.4.1
  - twofactor_u2f: 2.1.3
  - updatenotification: 1.5.0
  - user_external: 0.6.1
  - workflowengine: 1.5.0
Disabled:
  - bookmarks
  - encryption
  - files_accesscontrol
  - files_automatedtagging
  - files_external
  - files_retention
  - firstrunwizard
  - sharebymail
  - twofactor_totp
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "debug": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "X",
            "Y",
            "Z"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "15.0.7.0",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "defaultapp": "activity",
        "theme": "",
        "activity_expire_days": 90,
        "maintenance": false,
        "forcessl": true,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "filelocking.enabled": "true",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "auth.bruteforce.protection.enabled": false,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "0": "\/tmp\/redis.sock",
            "port": 6379,
            "timeout": 0,
            "dbindex": 0
        },
        "user_backends": [
            {
                "class": "OC_User_IMAP",
                "arguments": [
                    "mail.niedermayr.net",
                    993,
                    "ssl",
                    ""
                ]
            }
        ],
        "loglevel": 2,
        "trashbin_retention_obligation": 30,
        "updater.release.channel": "production",
        "singleuser": false,
        "overwrite.cli.url": "https:\/\/nc.niedermayr.net",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls"
    }
}

Logs

Web server error log

IP - - [30/Apr/2019:02:51:09 +0200] "GET /ocs/v1.php/apps/files_sharing/api/v1/sharees?format=json&search=bma&perPage=200&itemType=file HTTP/1.1" 200 1444 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/73.0.3683.86 Chrome/73.0.3683.86 Safari/537.36

Nextcloud log (data/nextcloud.log)

Nextcloud Log stays silend

Affected apps

user_external

Expected behaviour

If user_external can not login over imap show a message what the error was!

Actual behaviour

It just shows a general purpose error message, that login was not successful.

It took me over an hour to find out, that the user_external app was properly enabled and even executed, just that the server certificate was wrong.
I managed to find that out by adding only adding a single line to imap.php

OCP\Util::writeLog('user_external', implode('|', imap_errors()), OCP\Util::ERROR);

Steps to reproduce

1. activate user_external app
2. change config.php to activate login over imap (but have an error in your configuration)
3. try to login

Hello folks,
trying to authenticate an NC-user via IMAP4, fails with the following error:

Internal` Server Error
The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log.

Technical details
Remote Address: 70.191.2.004
Request ID: Xn559eWohGNv41PyObSB

The logfile points to:
https://github.com/nextcloud/apps/blob/f8fb4d98464254c037b330d4a17c9851b7bee823/user_external/lib/imap.php#L55-L59

where quotation of string-expressions in plain SQL seems to be the problem: SQL-strings with dbl-quotes aren't allowed for postgres. Attached patch fixes the problem and hands-off backend-aware quoting to the prep.-statement-executor.

 $result = OC_DB::executeAudited(
                 SELECT `userid` FROM `*PREFIX*preferences` WHERE `appid`=? AND `configkey`=? AND `configvalue`=?',
                 array('settings','email',$uid)
                );

patch_user_external_pgsql.diff.txt
++umgfoin.

Steps to reproduce

1. Install and enable user_external plugin
2. Open live logging https://**/index.php/settings/admin/logging

Expected behaviour

The debug output shouldn't spam the logs.

Actual behaviour

I get like almost every second one of these two errors:

Undefined offset: 1 at /var/www/cloud/public/apps/user_external/lib/imap/imap_rcube.php#149

Undefined index: force_caps at /var/www/cloud/public/apps/user_external/lib/imap/imap_rcube.php#945

Affected Authentication backend

IMAP

I've configured the external user login via imap. It would be great if it's possible to create a group and automatically add new users which a given domain-part to a group.

by @RubenKelevra from nextcloud/server#1253

If you upgrade user_external to 0.6.x+ you need to adopt to new IMAP configuration settings that's more or less documented in #52 - however due to the changes the contents of the users_external database tables also need to be modified if you are having users that predate the update - the contents of the backend table are different - where before the full connection string was used now only the hostname is used - this creates some unintended effects:

• users with the old entry style are not recognized from nextcloud anymore - that creates subtle errors with shares / user listings etc.pp.

• if users login a new entry with the hostname of the imap server is created on the backend table that creates duplicate uid entries and possible duplicate users. You can fix that directly if you edit the users_external database table and replace/rename the old naming in the backendcolumn to the new naming and remove any duplicate uid entries - however some kind of warning or tutorial for migration would be nice!

Steps to reproduce

1. Use Nextcloud with user_external plugin
2. Upgrade to new Nextcloud Version / user_external 0.6.x version
3. Things will break in various subtle and not so subtle ways:

• users can't login due to different imap connect string
• users aren't in the database due to different backend-string in the database column backend in the users_external table.

Expected behaviour

Tell us what should happen

• ideal world: everything should be migrated on it's own with a notification on the migration

• at least: notification for admins that manual intervention is required with a detailled tutorial on how to fix things.

Actual behaviour

Tell us what happens instead

• users can't login and if you fix the imap string existing users from that backend are missing until you manually fix the database tables.

Affected Authentication backend

Eg. FTP or IMAP or is it a general problem?

• I can confirm it for the IMAP backend, maybe other backends are also affected

Server configuration

User External App version: (see Nextcloud apps page)

0.6.1

Operating system:

Linux

Web server:

nginx

Database:

MySQL 8.0

PHP version:

7.3

Nextcloud version: (see Nextcloud admin page)

15.0.5

Updated from an older Nextcloud/ownCloud or fresh install:

Constantly updated for a about 2 years, so lot's of versions.

Hi *

After upgrading to user_external v0.6 logging in using IMAP does not work anymore.

I’m seeing the following in the logs:

{"reqId":"5iUZ0(...)","level":3,"time":"2019-03-16T02:30:58+00:00","remoteAddr":"$IP","user":"--","app":"PHP","method":"POST","url":"\/login?user=$USER","message":"Use of undefined constant ssl - assum
ed 'ssl' at \/var\/www\/nextcloud\/config\/config.php#33","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/73.0.3683.75 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"bM1aectC(...)","level":3,"time":"2019-03-16T02:30:58+00:00","remoteAddr":"$IP","user":"--","app":"PHP","method":"GET","url":"\/login?user=$USER","message":"Use of undefined constant ssl - assumed 'ssl
' at \/var\/www\/nextcloud\/config\/config.php#33","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/73.0.3683.75 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"gzT2LKW(...)","level":3,"time":"2019-03-16T02:30:59+00:00","remoteAddr":"$IP","user":"--","app":"PHP","method":"GET","url":"\/cron.php","message":"Use of undefined constant ssl - assumed 'ssl' at \/var\/www\/next
cloud\/config\/config.php#33","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/73.0.3683.75 Safari\/537.36","version":"15.0.5.3"}

I have changed the config from something like:

  array (
    0 => 
    array (
      'class' => 'OC_User_IMAP',
      'arguments' => 
      array (
        0 => '{$IMAP-IP:993/imap/ssl/novalidate-cert}',
      ),
    ),
  ),

to

  array (
    array (
      'class' => 'OC_User_IMAP',
      'arguments' => 
      array (
        '$IMAP-IP', 993, ssl
      ),
    ),
  ),

(as it should be according to the updated readme).

which caused the error message in nextcloud.log as shown above.

Running Nextcloud Stable latest (15.0.5).

# php-fpm7.0 --version
PHP 7.0.33-0ubuntu0.16.04.2 (fpm-fcgi)
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.33-0ubuntu0.16.04.2, Copyright (c) 1999-2017, by Zend Technologies

# uname -a
Linux nextcloud 4.4.0-143-generic #169-Ubuntu SMP Thu Feb 7 07:56:38 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/*-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.6 LTS"
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

Also changing the way the config file is parsed during a release is kinda uncool, especially since there is no remark in the release comments as breaking changes. Would be cool, if breaking changes would be announced at least in the GH release and if possible also in the Nextcloud UI/occ when trying to perform an update.

+ it would be great if there would be a list of possible options (eg for the ssl mode) at least somewhere in the code :)

lmk if you need more logoutput and stuff. I’ve fixed the problem for now by c&p the imap.php file from the release before and simply not running any sanity check on the files, which is ... suboptimal.

cheers

After upgrading to 0.6.0 and modifying the config.php external users are not able to login. In the maillog only one line gets logged, after entering the credentials.
Mar 25 02:31:22 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=46.163.73.154, lip=46.163.73.154, TLS, session=<JmSBKeGE2Owuo0ma>

Nextcloud logs
{"reqId":"XJgwzy6jSZoAADDtgekAAAAF","level":2,"time":"2019-03-25T01:37:26+00:00","remoteAddr":"92.117.153.184","user":"--","app":"core","method":"POST","url":"/login?user=user%40domain.com","message":"Login failed: '[email protected]' (Remote IP: '92.117.153.184')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0","version":"15.0.5.3","id":"5c9832441bd5d"}

Nextcloud 15.0.5 with php 7.2 on Ubuntu 16.04 with mailserver on one machine (vserver with plesk)

User_backend from config.php
'user_backends' =>
array (
0 =>
array (
'class' => 'OC_User_IMAP',
'arguments' =>
array (
'my-mail-server.com', 993, 'ssl', ''
),
),
),

I have updated the plugin to 0.6.1 and it broke the IMAP authentication. (Previous version 0.5)

This is what I have in configuration:

'user_backends' => array(
    array(
        'class' => 'OC_User_IMAP',
        'arguments' => array(
            'mail.xxxx.xx', 993, 'ssl', 'xxxx.xx'
        ),
    ),
),

According to the mail servers log it does not try to authenticate:
May 25 19:22:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=x, lip=xx, TLS, session=<21ICj7mJeutWZVlq>

I have tried to set SSL mode to TLS or NULL with port 143, but same result. As you can see currently it is set to use SSL.

I can not find any useful information in the Nextcloud log about this. The old plugin works with the following configuration:

'user_backends' =>
array (
   0 =>
  array (
    'class' => 'OC_User_IMAP',
    'arguments' =>
    array (
      0 => '{mail.xxxx.xx:143/imap/notls/norsh/novalidate-cert}',
    ),
  ),
),

Affected apps

External user-backend

Reason behind the feature request

The IMAP servers out there are segmented. Some providers don't allow for IMAP unless upgraded to a paid plan (Eg: Zoho) and expect the users to purely use the web interface. Moreover, some users disable IMAP entirely and use POP3 alone.

In situations like these, the IMAP authentication simply fails. The user has no choice but to go with a local user for the authentication.

It would be better if we go with SMTP for authentication or, ideally, add an SMTP authentication backend, in order to avoid breaking existing installations, for the sake of Email based authentication.
Every provider provides SMTP and it's a more common way of authenticating users (regardless of IMAP or POP3).

Honestly, I'd love to implement this and make a pull request, but unfortunately, I'm not sure what to read up on in order to do SMTP auth. Every article I read online seems to teach me "how to send emails with SMTP in PHP", which is not what we're trying to do here. So if someone could point me in the right direction, I'd be happy to make a PR

This happens only to contacts with MacOS. Calendar sync on MacOS is working as well as contacts sync on iOS with this related account.

Steps to reproduce

1. Login with IMAP credentials and copy contacts URI from contacts app in NextCloud
2. Create a new Carddav account in MacOS. Type: manual, User/password: IMAP credentials, Serveraddress: pasted from previous step.

Expected behaviour

MacOS downloads all existing contacts and is able to sync as expected from other carddav clients like iOS.

Actual behaviour

MacOS tries to verify the configuration and says "Username/Password could not be verified"

In the Serverlogs i noticed a difference between this carddav calls and the working calls from the Nextcloud sync application.
Carddav (not working):

"PROPFIND /nextcloud/remote.php/dav/addressbooks/users/**imapuser%
40example.com**/contacts/ HTTP/1.1" "-" "Mac OS X/10.13.3 (17D102) AddressBook/1808.6"

Nextcloud sync Client (working):

"PROPFIND /nextcloud/remote.php/dav/files/**[email protected]**/ HTTP/1.1" "-" "Mozilla/5.0 (Macintosh) mirall/2.3.3 (build 84) (Nextcloud)"

As you can see, the "@" is encoded as "%40" from the MacOS Contacts application.
So i've created these two aliases in apache:

  Alias '/nextcloud/remote.php/dav/addressbooks/users/imapuser%40example.com/contacts/' 'https://example.com/nextcloud/remote.php/dav/addressbooks/users/[email protected]/contacts/'
  Alias '/nextcloud/remote.php/dav/principals/users/imapuser%40example.com/contacts/' 'https://example.com/nextcloud/remote.php/dav/principals/users/[email protected]/contacts/'

... and now it works like a charm :-)
I guess we need another workaround like nextcloud/apps#35

Server configuration

Operating system: Debian GNU/Linux 9.4 (stretch)

Web server: Apache HTTP Server 2.4.25-3+deb9u3

Database: MariaDB 10.1.26-0+deb9u1

PHP version: 7.0.27-0+deb9u1

Nextcloud version: 13.0.1

Contacts version: 2.1.3

Updated from an older Nextcloud or fresh install: Updated from OwnCloud 9.1.6 with recommended upgrade path to NextCloud 13.0.1

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - activity: 2.6.1
  - bruteforcesettings: 1.0.3
  - calendar: 1.6.1
  - caniupdate: 0.1.2
  - comments: 1.3.0
  - contacts: 2.1.3
  - dav: 1.4.6
  - federatedfilesharing: 1.3.1
  - federation: 1.3.0
  - files: 1.8.0
  - files_pdfviewer: 1.2.1
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - password_policy: 1.3.0
  - piwik: 0.3.2
  - provisioning_api: 1.3.0
  - quota_warning: 1.2.0
  - ransomware_protection: 1.1.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - socialsharing_email: 1.0.3
  - survey_client: 1.1.0
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - user_external: 0.4
  - workflowengine: 1.3.0
Disabled:
  - admin_audit
  - encryption
  - external
  - files_external
  - keeweb
  - radio
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "maintenance": false,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***\/nextcloud",
        "dbtype": "mysql",
        "version": "13.0.1.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "php",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "user_backends": [
            {
                "class": "OC_User_IMAP",
                "arguments": [
                    "{***REMOVED SENSITIVE VALUE***:993\/imap\/ssl\/novalidate-cert\/readonly}INBOX"
                ]
            }
        ],
        "lost_password_link": "disabled",
        "trashbin_retention_obligation": "7,30",
        "log_rotate_size": "52428800",
        "enabledPreviewProviders": [
            "OC\\Preview\\BMP",
            "OC\\Preview\\GIF",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\MP3",
            "OC\\Preview\\PNG",
            "OC\\Preview\\TXT",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\PDF",
            "OC\\Preview\\Postscript",
            "OC\\Preview\\SVG",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\Movie"
        ],
        "theme": "",
        "loglevel": 2
    }
}

Are you using external storage, if yes which one: none

Are you using encryption: no

Are you using an external user-backend, if yes which one: IMAP

Client configuration

Browser: Safari / Chrome

Operating system: MacOS High Sierra 10.13.3

CardDAV-clients: iOS and MacOS

Logs

Web server error log

"PROPFIND /nextcloud/remote.php/dav/addressbooks/users/**imapuser%
40example.com**/contacts/ HTTP/1.1" "-" "Mac OS X/10.13.3 (17D102) AddressBook/1808.6"

Nextcloud log (data/nextcloud.log)

nothing related

Browser log

nothing related

When using External User Backend with IMAP the display name is set as the email address and the user's email is not set. Can we add the ability to set the display name as the name before the @ in the email address and the user's email address automatically setup?

Steps to reproduce

1. Add a specified domain in config.php for IMAP authentification
2. Login with an existing IMAP user ([email protected])

Expected behaviour

"[email protected]" is logged on his nextcloud account.

Actual behaviour

a new user simply called "user" is created because (I quote): "After successfull login the domain part will be striped and the rest used as username in Nextcloud. e.g. '[email protected]' will be 'username' in Nextcloud."

Affected Authentication backend

IMAP

Server configuration

User External App version:
0.6.1

Operating system:
Slackware GNU/Linux (4.4.178)

Web server:
nginx-1.14.2

Database:
mariadb-10.3.14

PHP version:
7.3.4

Nextcloud version:
15.0.7

Updated from an older Nextcloud/ownCloud or fresh install:
updated

Where did you install Nextcloud from:
I use official tarball from nextcloud.com

Maybe I misunderstood how should work IMAP with specified domain. When I used the old user_external app (until 0.5), it wasn't possible to specifiy a domain. It could be nice to specify one without stripping the domain part and still use "'[email protected]" as username.

Have a nice day!

PS: last important thing: I was afraid to see "user_external" dying so I'm glad to see people works on it. Thanks a lot! :)