scripte/archivmail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(PROJ-26,PROJ-38): IMAP LDAP-Auth + Mail-Threading

Browse Source
This commit is contained in:
sysops
2026-04-05 20:17:41 +02:00
parent 956b5b6d5f
commit b252172cc7
11 changed files with 382 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/imapserver/server.go
+11 -1
View File
@@ -375,8 +375,18 @@ func (sess *session) cmdLogin(tag string, args string) {
return
}
// Authenticate via userstore (direct bcrypt check, bypasses TOTP for IMAP)
// Authenticate: try local bcrypt first, then LDAP fallback via authMgr.
// TOTP is intentionally bypassed for IMAP (protocol has no 2FA support).
user, err := sess.server.users.VerifyPassword(username, password)
if err != nil && sess.server.authMgr != nil {
// Local auth failed — try LDAP fallback through auth.Manager.
// authMgr.Login returns (token, user, totpRequired, err); we only need user.
_, ldapUser, _, ldapErr := sess.server.authMgr.Login(username, password)
if ldapErr == nil && ldapUser != nil {
user = ldapUser
err = nil
}
}
if err != nil {
sess.server.logger.Warn("imapserver: login failed", "user", username, "remote", sess.remoteAddr)
sess.server.audit.Log(audit.Entry{