Extension talk:AuthIMAP

For what it's worth: I installed AuthIMAP with Mediawiki 1.12.

It worked OK, except that I can't manage user rights because:
 * My mail server uses a full email address for login - "mary@example.com"
 * We have two domains, so I can't hard-code the domain into Auth_imap.php
 * As a result, my IMAP-Authenticated usernames contain an "@"
 * The "@" is used to split the username into two parts in includes/SpecialUserrights.php - something to do with interwiki user rights.

I can force Special:Userrights to work if I comment out the lines shown below: 220        ##      $parts = explode( '@', $username ); 221        ##      if( count( $parts ) < 2 ) { 222                        $name = trim( $username ); 223                        $database = ''; 224        ##      } else { 225        ##              list( $name, $database ) = array_map( 'trim', $parts ); 226 ##   227 ##                      if( !$wgUser->isAllowed( 'userrights-interwiki' ) ) { 228 ##                             $wgOut->addWikiMsg( 'userrights-no-interwiki' ); 229 ##                             return null; 230 ##                     }    231 ##                      if( !UserRightsProxy::validDatabase( $database ) ) { 232 ##                             $wgOut->addWikiMsg( 'userrights-nodatabase', $database ); 233 ##                             return null; 234 ##                     }    235 ##              }

I also see that includes/User.php includes a function designed to prevent the creation of usernames containg '@': 475        /**    476          * Usernames which fail to pass this function will be blocked 477         * from new account registrations, but may be used internally 478         * either by batch processes or by user accounts which have 479         * already been created. 480         *    481          * Additional character blacklisting may be added here 482         * rather than in isValidUserName to avoid disrupting 483         * existing accounts. 484         *    485          * @param string $name 486         * @return bool 487         */    488         static function isCreatableName( $name ) { 489                return 490                        self::isUsableName( $name ) && 491   492                         // Registration-time character blacklisting... 493                        strpos( $name, '@' ) === false; 494        }

Possible Solution
Set $wgInvalidUsernameCharacters = '^' $wgUserrightsInterwikiDelimiter = '^'

User Rights
All my users have admin rights and the WikiSysop account only works if I disable the extension. Work-arounds where users are users and the WikiSysop account is THE admin account?

The imap_open function should generally fail, as it is called after $username being transcoded with ucfirst. Most imap servers are case sensitive, for a good reason. You would either have to specifically convert to lowercase within authenticate function, like I did below, or rearrange the functions. Throwing in a print_r(imap_errors); before satisfied is also a good idea.

function authenticate($username, $password) { // lowercase username before imap check $username = strtolower($username); // Connect to the IMAP server running on port 143 on example.com using tls $mbox = imap_open("{imap.server.com:143/imap/tls/novalidate-cert}INBOX",                     "$username",                      "$password",                      OP_HALFOPEN); print_r(imap_errors);

Regards, Benjamin, Norway