Issue with ZimbraCustomAuth Original Client IP Address

Have a great idea for extending Zimbra? Share ideas, ask questions, contribute, and get feedback.
Post Reply
abhi2528
Posts: 1
Joined: Thu Oct 29, 2015 7:27 am

Issue with ZimbraCustomAuth Original Client IP Address

Post by abhi2528 »

Hi All,
I am trying to extend the Zimbra authentication to incorporate our custom Authentication Logic. To do so I was able to successfully create a server extension by extending the ZimbraCustomAuth class. I placed the jar in /lib/ext<my extension> folder, and it was called and executed just fine. Now, for my custom logic, the original client IP address is of utmost importance. From what I could gather, the authenticate method in this class has a "context" object:
public void authenticate(Account acct, String password, Map<String, Object> context, List<String> args) throws Exception 
 Within this context object there is a value for "Original client IP address", which can be retrieved as:
context.get("ocip")
Now, this works fine for POP and IMAP. I get the calling clients IP address in ocip field. The trouble is with SMTP and SOAP. In case of SOAP, the ocip value is always the Zimbra's server's local IP and in case of smtp it is null.
Could someone please explain why this is so? Is it by design? Is it a bug? Has someone else faced this issue?
The IP is very critical for my implementation so if someone could suggest a way of extracting the correct originating IP in custom authentication, it would be hugely appreciated.
Thanks
Abhi



User avatar
barrydegraaff
Zimbra Employee
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am
Contact:

Re: Issue with ZimbraCustomAuth Original Client IP Address

Post by barrydegraaff »

Hello Abhi,

Sorry, it's a bit late. But for whoever else may need it.

First you need to add for all your trusted proxies:
zmprov mcf +zimbraMailTrustedIP < trusted zimbra proxies here >

Then in your extension:

ZimbraSoapContext zsc = getZimbraSoapContext(context);
zsc.getRequestIP()

I tried this on a regular zimbra extension, not an auth one, but it is probably similar.

Regards,

Barry
Post Reply