Horde login problems

NethServer Version: 7.8
Module: nethserver-horde

I’ve had this problem before, and it was a fairly simple fix, but I don’t remember what it was. Bother.

I’ve lost the ability to log into Horde, or more specifically IMP. I’m pretty sure this resulted from a recent update to one of the horde modules, though since I’ve been working from home I haven’t been using web mail of any flavor nearly as much as normal. I can log into Horde itself as myself or as admin. However, it doesn’t show the mail by default, and when I click on the Mail link in the header, it asks me to log in again. And for this, it doesn’t accept the username and password.

I’ve already rebuilt the Horde configuration (log in as admin, go to Configuration here
Go into Horde, click Generate Configuration at the bottom of the page). I’m sure there’s something pretty obvious I’m missing, but having trouble here. Any suggestions?


Hi Dan

I used Horde before, a long time ago on SME-Server…
AFAIK, Horde uses IMAP for login to mail, could it be a changed SSL issue or something similiar? (Auth…)

My 2 cents

Me too–I wrote the initial e-smith-horde/e-smith-imp RPMs, a long time back. So getting Horde running on my Neth box was a pretty high priority when I migrated to Neth a couple of years back.

Horde (at least as configured with the nethserver-horde module, which is what I’m using) uses IMAP to log in to the system at all (which avoids needing to mess with configuring it to authenticate via any of the possible Neth account providers–just authenticate via IMAP, and let the IMAP server handle the rest). And since I was able to log in to the Horde framework itself, I didn’t expect authentication was the problem. But these lines from the log suggest otherwise:

2020-07-01T08:55:56-04:00 INFO: HORDE [imp] FAILED LOGIN for admin ( to {imap://localhost/} [pid 4104 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]
2020-07-01T08:56:22-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 4104 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]

The default configuration called for unencrypted IMAP on 143 to localhost. That isn’t a security problem if the traffic’s never leaving the system, but maybe it’s the case that Dovecot simply doesn’t allow unencrypted connections.

But changing it seems to lock me out entirely. signal-event nethserver-horde-update “fixes” things, but only to the extent that I’m back where I started. So let’s try again, while /var/log/horde/horde.log scrolls by.

After running signal-event nethserver-horde-update, and logging in as my admin user (same as my Nethserver admin user), I see this in the log:

2020-07-01T09:49:47-04:00 NOTICE: HORDE [horde] Login success for admin to horde ( [pid 19227 on line 164 of "/usr/share/horde/login.php"]

I go to the configuration page, go to Horde, scroll down and click Generate Horde Configuration. Log out and back in, and now I see this in the log:

2020-07-01T09:50:49-04:00 NOTICE: HORDE [horde] User admin logged out of Horde ( [pid 19249 on line 107 of "/usr/share/horde/login.php"]
2020-07-01T09:50:55-04:00 NOTICE: HORDE [horde] Login success for admin to horde ( [pid 19305 on line 164 of "/usr/share/horde/login.php"]
2020-07-01T09:50:55-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 19305 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
2020-07-01T09:50:55-04:00 INFO: HORDE [imp] FAILED LOGIN for admin ( to {imap://localhost/} [pid 19305 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]

(and every page I click on results in those last two lines being repeated). It’s not clear why it’s trying to open a “secure TLS connection”, since the default configuration is to use no encryption.

I go back into the Configuration page, back to Horde, to the Authentication tab. And in this section:
I replace localhost with my server’s fqdn. Log out and back in again, I’m still getting this in the log:

2020-07-01T09:57:41-04:00 NOTICE: HORDE [horde] User admin logged out of Horde ( [pid 19198 on line 107 of "/usr/share/horde/login.php"]
2020-07-01T09:57:45-04:00 NOTICE: HORDE [horde] Login success for admin to horde ( [pid 19198 on line 164 of "/usr/share/horde/login.php"]
2020-07-01T09:57:45-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 19198 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
2020-07-01T09:57:45-04:00 INFO: HORDE [imp] FAILED LOGIN for admin ( to {imap://localhost/} [pid 19198 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]

Looks like something’s wrong here–it shouldn’t be using localhost at all. But wait, that error’s coming from imp. :confused:

Looking further, /etc/horde/imp/backends.php calls for an IMAP/TLS connection to localhost. I can see why that would fail; localhost isn’t part of the TLS certificate, so name validation would fail. But that file hasn’t been modified in over two years, so why would it be a problem now? That file says it shouldn’t be modified, that any changes should instead go in backends.local.php. So, fine, let’s create /etc/horde/imp/backends.local.php with these contents:

$servers['imap']['hostspec'] = 'my_fqdn';

And we’re making progress:

2020-07-01T10:15:23-04:00 NOTICE: HORDE [horde] User admin logged out of Horde ( [pid 19197 on line 107 of "/usr/share/horde/login.php"]
2020-07-01T10:15:31-04:00 NOTICE: HORDE [horde] Login success for admin to horde ( [pid 24925 on line 164 of "/usr/share/horde/login.php"]
2020-07-01T10:15:31-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 24925 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
2020-07-01T10:15:31-04:00 INFO: HORDE [imp] FAILED LOGIN for admin ( to {imap://my_fqdn/} [pid 24925 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]

Login is still failing for failure to open a “secure TLS connection to the IMAP server”, but at least it looks like it’s trying to authenticate to the right hostname. So why can’t it open that TLS connection? openssl s_client -connect my_fqdn:143 -starttls imap connects without a problem–but then, it also connects without a problem to localhost. I’m getting confused here.


Sometimes things change upstream without us changeing anything - or not even aware of the change until someone’s no-brainer hit’s you.

Recall when in SME / RHEL someone changed the Auth for SMB to use utf Passwords instead of ISO8859-1? That was NOT during any major change / upgrade, where such things could be accepted… It was during the running period of that release…

That not only invalidated every users login, but also all machine accounts were invalidated at once… :frowning:

Maybe something changed the gears in our NethServer Gearbox, now the gears don’t “grip” each other like before…
Implying an update upstream, changing the game…

There have been a lot of stuff recently in the forums, where you were also active, about reducing the SSH/SSL Cipher footprint. Maybe one of those things changed the game here…

My 2 cents

I could reproduce the issue when TLS policy is set to “2020-05-10 no TLS 1.2”.
After setting the policy to “2018-10-01” I was able to login to Horde mail again.

Seems PHP 5.4 does not support >TLS 1.0
I tried to use PHP 5.6 but no success so far…




No doubt I’m missing something–if you’re going to be using a non-standard PHP version (presumably via php-scl), wouldn’t you want to use a current version?

Yes, you’re right. It was just a quick test. I’m going to try PHP 7…

Can confirm this works, thanks. It’d be nice to get it working with modern encryption, but working is good.


Horde supports PHP7 since version 6.2.20.


Should we try to use PHP7?

1 Like

Yes, I think we need to upgrade to PHP7 because I guess we want to use strict TLS policy.

IIRC, performance should be considerably better with PHP7 as well.

1 Like