-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
O365 IMAP Auth end of life 2022-10-01 #205
Comments
got hit by this issue last week, is this the only migration path possible? |
It may be possible to re-factor the IMAP code to use SMTP instead (which may continue to work?) I have also in the past customized the social-login app to use the email address as the UID, which also worked. |
Obvious path out of this is using an IMAP-conformant email provider, but in many corporate cases, getting out of that jail looks like a daunting task. |
Hey, thanks for raising this. However I feel that there is no much we can do if companies drop support for standard protocols. Your migration approach sounds reasonable; other options might be using other types of authentications as LDAP/AD or possibly OAuth. Writing a user_external module capable of doing authentication over SMTP could work too, but for me personally it's out of scope. If anyone is up for doing this, contributions are obviously always welcome :) |
could nextcloud/mail#7722 help here also in any way? |
IMAP Authentication in user_external uses basic authentication.
As of October 1, 2022 Microsoft will begin disabling basic authentication in Exchange365.
(There is information in the Microsoft link above describing how you can opt out of having Microsoft disable IMAP basic authentication for your tenant.)
Normally it is not possible to set a password in /settings/users for accounts authenticating through user_external. However, if you manually create an entry in oc_users with a uid that matches an entry in oc_users_external, it becomes possible to set a local nextcloud password.
My plan at the moment is to move my existing users from IMAP auth to internal Nextcloud Auth, then require twofactor_email for the migrated users.
The code snippet below works on my system to create entries in oc_users with matching uid values from oc_users_external.
My database settings from config.php:
Connect to the sql database
Manually create an entry in 'oc_users' using the same value for uid and displayname used in oc_users_external:
Once there is an entry in "oc_users" with a uid that matches an entry in oc_users_external, the user's password can be set in /settings/users
The User now sees the same files & shares if logging in using the original IMAP password or the new locally set password
Requring two factor auth using twofactor_email ensures that security remains tied to the user's email
There is some fine-tuning that could be applied to this procedure:
This code snippet sets the selected user's local password to "badPassword" -
The text was updated successfully, but these errors were encountered: