Me too–I wrote the initial e-smith-horde/e-smith-imp RPMs, a long time back. So getting Horde running on my Neth box was a pretty high priority when I migrated to Neth a couple of years back.
Horde (at least as configured with the nethserver-horde module, which is what I’m using) uses IMAP to log in to the system at all (which avoids needing to mess with configuring it to authenticate via any of the possible Neth account providers–just authenticate via IMAP, and let the IMAP server handle the rest). And since I was able to log in to the Horde framework itself, I didn’t expect authentication was the problem. But these lines from the log suggest otherwise:
2020-07-01T08:55:56-04:00 INFO: HORDE [imp] FAILED LOGIN for admin (96.68.219.29) to {imap://localhost/} [pid 4104 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]
2020-07-01T08:56:22-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 4104 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
The default configuration called for unencrypted IMAP on 143 to localhost. That isn’t a security problem if the traffic’s never leaving the system, but maybe it’s the case that Dovecot simply doesn’t allow unencrypted connections.
But changing it seems to lock me out entirely. signal-event nethserver-horde-update
“fixes” things, but only to the extent that I’m back where I started. So let’s try again, while /var/log/horde/horde.log
scrolls by.
After running signal-event nethserver-horde-update
, and logging in as my admin user (same as my Nethserver admin user), I see this in the log:
2020-07-01T09:49:47-04:00 NOTICE: HORDE [horde] Login success for admin to horde (96.68.219.29) [pid 19227 on line 164 of "/usr/share/horde/login.php"]
I go to the configuration page, go to Horde, scroll down and click Generate Horde Configuration. Log out and back in, and now I see this in the log:
2020-07-01T09:50:49-04:00 NOTICE: HORDE [horde] User admin logged out of Horde (96.68.219.29) [pid 19249 on line 107 of "/usr/share/horde/login.php"]
2020-07-01T09:50:55-04:00 NOTICE: HORDE [horde] Login success for admin to horde (96.68.219.29) [pid 19305 on line 164 of "/usr/share/horde/login.php"]
2020-07-01T09:50:55-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 19305 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
2020-07-01T09:50:55-04:00 INFO: HORDE [imp] FAILED LOGIN for admin (96.68.219.29) to {imap://localhost/} [pid 19305 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]
(and every page I click on results in those last two lines being repeated). It’s not clear why it’s trying to open a “secure TLS connection”, since the default configuration is to use no encryption.
I go back into the Configuration page, back to Horde, to the Authentication tab. And in this section:
I replace localhost
with my server’s fqdn. Log out and back in again, I’m still getting this in the log:
2020-07-01T09:57:41-04:00 NOTICE: HORDE [horde] User admin logged out of Horde (96.68.219.29) [pid 19198 on line 107 of "/usr/share/horde/login.php"]
2020-07-01T09:57:45-04:00 NOTICE: HORDE [horde] Login success for admin to horde (96.68.219.29) [pid 19198 on line 164 of "/usr/share/horde/login.php"]
2020-07-01T09:57:45-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 19198 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
2020-07-01T09:57:45-04:00 INFO: HORDE [imp] FAILED LOGIN for admin (96.68.219.29) to {imap://localhost/} [pid 19198 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]
Looks like something’s wrong here–it shouldn’t be using localhost at all. But wait, that error’s coming from imp.
Looking further, /etc/horde/imp/backends.php
calls for an IMAP/TLS connection to localhost
. I can see why that would fail; localhost
isn’t part of the TLS certificate, so name validation would fail. But that file hasn’t been modified in over two years, so why would it be a problem now? That file says it shouldn’t be modified, that any changes should instead go in backends.local.php. So, fine, let’s create /etc/horde/imp/backends.local.php
with these contents:
<?php
$servers['imap']['hostspec'] = 'my_fqdn';
And we’re making progress:
2020-07-01T10:15:23-04:00 NOTICE: HORDE [horde] User admin logged out of Horde (96.68.219.29) [pid 19197 on line 107 of "/usr/share/horde/login.php"]
2020-07-01T10:15:31-04:00 NOTICE: HORDE [horde] Login success for admin to horde (96.68.219.29) [pid 24925 on line 164 of "/usr/share/horde/login.php"]
2020-07-01T10:15:31-04:00 WARN: HORDE [imp] [login] Could not open secure TLS connection to the IMAP server. [pid 24925 on line 730 of "/usr/share/horde/imp/lib/Imap.php"]
2020-07-01T10:15:31-04:00 INFO: HORDE [imp] FAILED LOGIN for admin (96.68.219.29) to {imap://my_fqdn/} [pid 24925 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]
Login is still failing for failure to open a “secure TLS connection to the IMAP server”, but at least it looks like it’s trying to authenticate to the right hostname. So why can’t it open that TLS connection? openssl s_client -connect my_fqdn:143 -starttls imap
connects without a problem–but then, it also connects without a problem to localhost. I’m getting confused here.