This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 218f30f828e96cbbbee0ac60d4395729c05ab0bc Author: Benoit TELLIER <[email protected]> AuthorDate: Mon Jan 5 17:49:00 2026 +0100 JAMES-4158 Document IMAP per-port administrators --- docs/modules/servers/partials/configure/imap.adoc | 3 +++ docs/modules/servers/partials/configure/usersrepository.adoc | 2 ++ src/site/xdoc/server/config-imap4.xml | 2 ++ src/site/xdoc/server/config-users.xml | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/modules/servers/partials/configure/imap.adoc b/docs/modules/servers/partials/configure/imap.adoc index 431495f86f..9110452826 100644 --- a/docs/modules/servers/partials/configure/imap.adoc +++ b/docs/modules/servers/partials/configure/imap.adoc @@ -62,6 +62,9 @@ Whether to enable Authentication PLAIN if the connection is not encrypted via SS | auth.oidc.scope | An OAuth scope that is valid to access the service (RF: RFC7628). Only configure this when you want to authenticate IMAP server using a OIDC provider. +| auth.adminUsers.adminUser +| XML list of administrators able to impersonate any IMAP users. This is typically enable on non publicly exposed IMAP servers eg port 994 for admin support or migration. + | timeout | Default to 30 minutes. After this time, inactive channels that have not performed read, write, or both operation for a while will be closed. Negative value disable this behaviour. diff --git a/docs/modules/servers/partials/configure/usersrepository.adoc b/docs/modules/servers/partials/configure/usersrepository.adoc index 4bd8d585ad..9782fa4386 100644 --- a/docs/modules/servers/partials/configure/usersrepository.adoc +++ b/docs/modules/servers/partials/configure/usersrepository.adoc 
@@ -36,6 +36,8 @@ acting on the behalf of any user. | administratorIds | List of usernames. Allows multiple administrators to access the https://tools.ietf.org/html/rfc4616#section-2[impersonation command], acting on behalf of any user by specifying multiple `<administratorId>` entries inside the `<administratorIds>` block. +Prefer ref:imap.adoc[imapserver.xml] `auth.adminUsers` property to not +enable admin impersonation onto publicly exposed interfaces. Notes: Only one of the above `<administratorId>` property or this `<administratorIds>` block should be used to specify the administrator(s). diff --git a/src/site/xdoc/server/config-imap4.xml b/src/site/xdoc/server/config-imap4.xml index 0990cfeec6..dfe02e6178 100644 --- a/src/site/xdoc/server/config-imap4.xml +++ b/src/site/xdoc/server/config-imap4.xml @@ -107,6 +107,8 @@ <dd>Whether to enable Authentication PLAIN/ LOGIN command. Defaults to true.</dd> <dt><strong>auth.requireSSL</strong></dt> <dd>true or false. Defaults to true. Whether to require SSL to authenticate. If this is required, the IMAP server will disable authentication on unencrypted channels.</dd> + <dt><strong>auth.adminUsers.adminUser</strong></dt> + <dd>XML list of administrators able to impersonate any IMAP users. This is typically enable on non publicly exposed IMAP servers eg port 994 for admin support or migration.</dd> <dt><strong>auth.oidc.oidcConfigurationURL</strong></dt> <dd>Provide OIDC url address for information to user. Only configure this when you want to authenticate IMAP server using a OIDC provider.</dd> <dt><strong>auth.oidc.jwksURL</strong></dt> diff --git a/src/site/xdoc/server/config-users.xml b/src/site/xdoc/server/config-users.xml index 5ea75be4e9..96fd8f0203 100644 --- a/src/site/xdoc/server/config-users.xml +++ b/src/site/xdoc/server/config-users.xml 
@@ -63,7 +63,7 @@ <dd>user's name. Allow a user to access to the <a href="https://tools.ietf.org/html/rfc4616#section-2">impersonation command</a>, acting on the behalf of any user.</dd> <dt><strong>administratorIds</strong></dt> <dd>List of usernames. Allows multiple administrators to access the <a href="https://tools.ietf.org/html/rfc4616#section-2">impersonation command</a>, acting on behalf of any user by specifying multiple - <code><administratorId></code> entries inside the <code><administratorIds></code> block.</dd> + <code><administratorId></code> entries inside the <code><administratorIds></code> block. Prefer ref:imap.adoc[imapserver.xml] `auth.adminUsers` property to not enable admin impersonation onto publicly exposed interfaces. </dd> <dd><em>Note:</em> Only one of the above <code><administratorId></code> property or this <code><administratorIds></code> block should be used to specify the administrator(s).</dd> <dt><strong>verifyFailureDelay</strong></dt> <dd>2, 2s, 2000ms, default 0s (disabled). Delay after a failed authentication attempt with an invalid user name or password.</dd> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
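Review bot: The new `auth.adminUsers.adminUser` row in imap.adoc does not say how this per-port list relates to `administratorId` / `administratorIds` in the users repository configuration, that is, whether it adds to them or is meant to be used instead of them. Since the stated purpose is to keep impersonation off publicly exposed servers, spell that relationship out in this row. "XML list" alone also does not tell the reader how to write the entries, so a short sample of the nested elements would help. The row is placed after `auth.oidc.scope` here but before the `auth.oidc.*` entries in config-imap4.xml; pick one position for both documents.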
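Review bot: In the sentence added under `administratorIds` in usersrepository.adoc, `ref:imap.adoc[imapserver.xml]` is not an AsciiDoc macro and will render as literal text; the cross-reference macro is `xref:`, and the target should be checked so that it resolves from a partial. The phrase "to not enable admin impersonation onto publicly exposed interfaces" would read more clearly as "to avoid enabling admin impersonation on publicly exposed interfaces".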
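Review bot: The `<dd>` added for `auth.adminUsers.adminUser` in config-imap4.xml has wording slips that are repeated in the imap.adoc row: "This is typically enable on" should be "enabled on", "any IMAP users" should be "any IMAP user", and "eg" should be "e.g.". The text gives "port 994" as the example but does not say that the port is an arbitrary choice for a separate internal listener; one clause saying so would avoid readers taking it for a standard port.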
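Review bot: The replacement `<dd>` line in config-users.xml carries AsciiDoc markup into an xdoc XML file: `ref:imap.adoc[imapserver.xml]` and the backticks around `auth.adminUsers` will be shown verbatim on the rendered site. Use an `<a href="...">` link to the IMAP configuration page and `<code>auth.adminUsers</code>` instead, and drop the stray space before `</dd>`.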
