6.0.0-git
2018-12-12
Last Modified 2018-07-19 by Guest

Access a Remote IMAP Server with a Different Login HowTo

Written by Ole Wolf (ole [at] naturloven [dot] dk)

The following hook lets local users who sign on to Horde with SQL, LDAP, etc. access a remote IMAP server where they've been created with different usernames and passwords than their Horde logins.

Custom Database

Add a custom table named custom_mailusers to your Horde database using your favorite database manager. The table should contain three VARCHAR fields using the first one as a key:

  • username VARCHAR(40)
  • imapusername VARCHAR(40)
  • imappassword VARCHAR(40)

This table contains the local usernames in username and their corresponding usernames and passwords on the remote IMAP server in imapusername and imappassword. Note that you'll have to somedhow manage this database table yourself.

IMAP Server ++

Setup the remote IMAP server as you would setup any IMAP server in IMP's backends file. Make a note of the $servers entry, as this will be used in the hook, below.

Hook

The following hook in IMP's hooks.local.php file reads from the database using the Horde database login and translates the local login username to the remote IMAP server's username and password:

    public function preauthenticate( $userId, $credentials )
    {
        global $conf;

        require dirname( __FILE__ ) . '/../config/conf.php';

        if( ! empty( $userId ) )
        {
            // Lookup IMAP username and password for the preferred username
            // in the custom table that is stored in the horde database.
            $dbhost   = $conf[ 'server' ][ 'name' ];
            $dbuser   = $conf[ 'sql' ][ 'username' ];
            $dbpasswd = $conf[ 'sql' ][ 'password' ];
            $dbname   = $conf[ 'sql' ][ 'database' ];
            $mysqli = new mysqli( $dbhost, $dbuser, $dbpasswd, $dbname );
            if( $mysqli->connect_error )
            {
                die( 'Cannot access username mapping database' );
            }
            $res = $mysqli->query( "SELECT imapusername, imappassword FROM custom_mailusers WHERE username='" . $mysqli->escape_string( $userId ) . "'" );
            if( ! $res )
            {
                Horde::logMessage( $mysqli->error, 'ERR' );
                die( 'Cannot query username mapping database' );
            }
            $newCred = $res->fetch_assoc( );
            if( $newCred === false )
            {
                die( 'Cannot read username from database' );
            }
            $imapUserId = $newCred[ 'imapusername' ];
            $imapPasswd = $newCred[ 'imappassword' ];

            Horde::logMessage( "Translating login $userId to $imapUserId", 'INF' );

            // Login with the IMAP credentials.
            $server      = 'imap';
            $credentials = array( 'server'      => $server,
                                  'transparent' => true,
                                  'password'    => $imapPasswd
                                  );
            return array( 'credentials' => $credentials,
                          'userId'      => $imapUserId );
        }

        return true;
    }

Replace the $server = imap'' content with that of your backends.php entry if necessary.

Security Issues

Since this hook assumes that Horde has authenticated the user, do not use this hook if you're using the IMP application to login with, as this will enable anyone who is registered as a user to login regardless of password!

Also, note that the user passwords are stored in plain text in the database.