Roundcube, beware the IMAP user....

home | blog | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts


- Careful Chrome users, this search box might be "Not secure"



If you are having login issues in Roundcube using remote host IMAP...
Verify that the user name in the Roundcube matches the one in your IMAP back end (including case).

If you change your back end user name upper / lower case, Rouncube will still have the other version of that user name, and fail the login
(but probably succeed on the IMAP back end (if the back end is set to ignore case).
Roundcube keeps the version from the first log in, and won't create a new one.

I could imagine where Roundcube would treat this as just another case of a "new user" and chuck in a new user with the changed case, but it does not.
Best just to not change your back end user name once they have logged in using Roundcube.
Or set Roundcube to ignore case....
But that rope has been pissed up already :-):
http://trac.roundcube.net/ticket/1487681
I have a user who used a login with uppercase characters at his first time login in roundcube some time ago with a older version of roundcube.
In the database in the table users his username also has this uppercase characters. After upgrading to version 0.5 of roundcube he was not able
to login anymore because the login seems now to be case-sensitive. Changing $rcmail_config['login_lc'] to true does not help at this point
because the username string in database will not be converted to lowercase character. I use e-mail addresses as login and a mysql database.

Steps to reproduce:

change a character of your username to uppercase in database in table users
set $rcmail_config['login_lc'] to true in the config
try to login
Workaround: Convert all usernames in your database in table users to lowercase.

Change History

comment:1 Changed 15 months ago by alec

Milestone changed from later to 0.6-beta
I think we'll not fix this. Use your workaround and forget.

comment:2 Changed 14 months ago by charly

Let me understand:

If a new user logs into the new RC, there will be no error.
The error occurs if an older user, from an older version of RC, has typed his username with wrong case, then
after upgrading RC to the latest version there are case problems.
If i understand correctly, to "fix" this bug we need to write some lines documenting this behavior into
KnownIssues and Upgrade wiki pages and into the TXTs distributed with RC.

I don't agree to change any line of code; may be provide a sample sql command or somethin in the Documentation.

comment:3 Changed 11 months ago by alec

Status changed from new to closed
Resolution set to wontfix
Added comment in config file and wiki.


Update to the update - looks like true or false was a bad choice for the case sensitivity:
You now need to figure out your version and go with 0, 1, or 2.. :-)
// Forces conversion of logins to lower case.
// 0 - disabled, 1 - only domain part, 2 - domain and local part.
// If users authentication is case-insensitive this must be enabled.
// Note: After enabling it all user records need to be updated, e.g. with query:
//       UPDATE users SET username = LOWER(username);
$config['login_lc'] = 2;


Update! The lower case option should be set from the get-go:
http://trac.roundcube.net/wiki/Howto_KnownIssues
If you set it correctly from the get-go, all will be okey dokey! See section below from the link above (if you are lazy and don't want to click).
Login case-sensitive

User logins are case-sensitive in Roundcube. However, you can use 'login_lc' option to make them case-insensitive. Exactly it forces all logins to be lowercase before logging in and registering a user. After enabling this option, user records needs to be updated, e.g. with query "UPDATE users SET username = LOWER(username);".




[æ]