On 8/12/07, Sam Varshavchik <[EMAIL PROTECTED]> wrote:
> > Here's what I had in the original password (as retrieved by authtest):
> > Encrypted Password: {SSHA}0mzmds/alGA8jaRnrM49GDCdi+vJHiGS
>
> Courier does not implement this hash function, so it does not recognize it,
> and falls back to crypt. You must be using authenticated binds, and have the
> LDAP server verify the password.

I've tried again, this time using SMD5.... created some account
creation scripts on my courier 0.56.0.20070804 test system.... here's
the output....


webmail:~# ./add_courier_account [EMAIL PROTECTED]
--givenName=Sam --sname=Sam --clearPasswd=banana --o=courier.com
--ou=d102
LDAP Success
Authentication succeeded.

     Authenticated: [EMAIL PROTECTED]  (uid 1001, gid 1001)
    Home Directory: /var/spool/imap/user/d102/courier.com/[EMAIL PROTECTED]
           Maildir: Maildir
             Quota: 10240
Encrypted Password: {SMD5}Q+p82Joq6tW0vVUzWU9HDtEEdnM=
Cleartext Password: banana
           Options: (none)

Then I logged on with SqWebMail and changed the password, came back
and ran authtest again:

webmail:~# authtest [EMAIL PROTECTED]
Authentication succeeded.

     Authenticated: [EMAIL PROTECTED]  (uid 1001, gid 1001)
    Home Directory: /var/spool/imap/user/d102/courier.com/[EMAIL PROTECTED]
           Maildir: Maildir
             Quota: 10240
Encrypted Password: {CRYPT}KMYZ67UxW3ZIo
Cleartext Password: peaches
           Options: (none)
webmail:~#

Same issue: it reverts to CRYPT for the new password. Based on
that, does authlib not support SHA1 or SMD5, or is it that I haven't
configured it to do so?

The script I created to make the accounts is below so that you can see
/ test if you think this is a bug in the current release. Meanwhile
I'm going to put this system live for a test domain that a few friends
use for email, see how it stands up in the wild.

Regards,

Lisa.


#!/bin/bash

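# The later steps create and chown directories under /var/spool/imap/user
# and call slappasswd, so the script refuses to run as a non-root user.
if [ "$UID" != 0 ]; then
  echo "Execute as root...or make sure slappasswd is in PATH" >&2
  # Non-zero status, so a calling provisioning job cannot mistake the
  # refusal for a created account.
  exit 1
fi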

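# Defaults for the optional settings.  They are assigned once, before the
# options are read, so that a later option cannot reset a value that an
# earlier option supplied.
DIS_IMAP='0'
DIS_POP3='0'
DIS_WEB='0'
QUOTA='10240'

# Print the usage text on stdout.
_account_usage() {
  cat <<EOF
Add a user to LDAP and create their home directory and maildir
Their home directory is their email address
Home directory is contained in a folder by domain name
domain names are in folders by the company account number
Runs authtest on the account at the end and outputs the results

Usage: $0 [Options]

Options:
  --email=EMAILADDRESS  The new Username - email address
  --givenName=NAME      The user's first name
  --sname=NAME          The user's surname
  --clearPasswd=NAME    The user's password
  --o=NAME              The domain of the email address
  --ou=NAME             The account number for the company
  --quota=NUMBER        (Optional default=10Mb) Quota for the mail account in kb
  --disableimap=[0/1]   (Optional default=0)    Disable imap for this user?
  --disablepop3=[0/1]   (Optional default=0)    Disable pop3 for this user?
  --disablewebmail=[0/1](Optional default=0)    Disable webmail for this user?
EOF
}

# Exit with an error unless the value given for a disable* option is 0 or 1.
# Arguments: $1 - option name (without leading dashes), $2 - supplied value
_require_flag() {
  case "$2" in
    0 | 1) return 0 ;;
  esac
  echo "--$1 expects 0 or 1" >&2
  exit 1
}

# Parse the command-line options into EMAIL, GNAME, SNAME, USR_PASS, O, OU,
# QUOTA, DIS_IMAP, DIS_POP3 and DIS_WEB.  Both "--name=value" and
# "--name value" are accepted.
# Arguments: the script's own arguments ("$@")
# Exits:     0 after printing help; 1 on an unknown option, a missing
#            argument, or an invalid --quota / --disable* value
_parse_account_options() {
  local ac_option ac_optarg ac_prev=

  for ac_option in "$@"; do
    # "--name value": fold the value into the "--name=value" form so that a
    # single set of case arms assigns the variables.  No eval is needed, and
    # the value lands in the same variable either way.
    if [ -n "$ac_prev" ]; then
      ac_option="--${ac_prev}=${ac_option}"
      ac_prev=
    fi

    # Everything after the first '=' is the option's argument.
    case "$ac_option" in
      -*=*) ac_optarg=${ac_option#*=} ;;
      *) ac_optarg= ;;
    esac

    case "$ac_option" in
      --email) ac_prev=email ;;
      --email=*) EMAIL=$ac_optarg ;;

      --givenName) ac_prev=givenName ;;
      --givenName=*) GNAME=$ac_optarg ;;

      --sname) ac_prev=sname ;;
      --sname=*) SNAME=$ac_optarg ;;

      --clearPasswd) ac_prev=clearPasswd ;;
      --clearPasswd=*) USR_PASS=$ac_optarg ;;

      --o) ac_prev=o ;;
      --o=*) O=$ac_optarg ;;

      --ou) ac_prev=ou ;;
      --ou=*) OU=$ac_optarg ;;

      --quota) ac_prev=quota ;;
      --quota=*)
        # The quota is written into the LDAP entry unchanged, so accept
        # digits only.
        case "$ac_optarg" in
          '' | *[!0-9]*)
            echo "--quota expects a number of kb" >&2
            exit 1
            ;;
        esac
        QUOTA=$ac_optarg
        ;;

      --disableimap) ac_prev=disableimap ;;
      --disableimap=*)
        _require_flag disableimap "$ac_optarg"
        DIS_IMAP=$ac_optarg
        ;;

      --disablepop3) ac_prev=disablepop3 ;;
      --disablepop3=*)
        _require_flag disablepop3 "$ac_optarg"
        DIS_POP3=$ac_optarg
        ;;

      --disablewebmail) ac_prev=disablewebmail ;;
      --disablewebmail=*)
        _require_flag disablewebmail "$ac_optarg"
        DIS_WEB=$ac_optarg
        ;;

      # The '?' is escaped: unescaped it is a glob that matches any
      # one-character option.
      -help | --help | -\? | --\?)
        _account_usage
        exit 0
        ;;

      *)
        echo "Unknown command $ac_option" >&2
        echo "Try $0 --help" >&2
        exit 1
        ;;
    esac
  done

  # An option that takes a value was the last word on the command line.
  if [ -n "$ac_prev" ]; then
    echo "Missing argument to --$ac_prev" >&2
    echo "Try $0 --help" >&2
    exit 1
  fi
}

_parse_account_options "$@"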

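# Check that every mandatory option was supplied.  All missing fields are
# reported before exiting, so the operator can correct them in one pass.
ERROR=

if [ -z "$EMAIL" ]; then
  ERROR="y"
  echo "Specify an email address to setup!" >&2
fi

if [ -z "$USR_PASS" ]; then
  ERROR="y"
  echo "Specify a Password!" >&2
fi

if [ -z "$GNAME" ]; then
  ERROR="y"
  echo "Specify a  first Name!" >&2
fi

if [ -z "$SNAME" ]; then
  ERROR="y"
  echo "Specify a Surname!" >&2
fi

if [ -z "$O" ]; then
  ERROR="y"
  echo "Specify the organsation name for the email account!" >&2
fi

if [ -z "$OU" ]; then
  ERROR="y"
  echo "Specify the Code Foundry account number for the email account!" >&2
fi

if [ "$ERROR" = "y" ]; then
  echo "Please provide all needed Parameters!" >&2
  echo "Try $0 --help" >&2
  # Non-zero status: nothing was created, and a caller must be able to tell.
  exit 1
fi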


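# LDIF is line-oriented: a line break inside a value would begin a new
# attribute line in the generated entry, so such values are refused.
for ldif_value in "$EMAIL" "$USR_PASS" "$GNAME" "$SNAME" "$O" "$OU" \
  "$QUOTA" "$DIS_IMAP" "$DIS_POP3" "$DIS_WEB"; do
  case "$ldif_value" in
    *$'\n'* | *$'\r'*)
      echo "Option values must not contain line breaks" >&2
      exit 1
      ;;
  esac
done

# Generate a salted MD5 ({SMD5}) hash of the password.
# NOTE(review): -s places the cleartext password on slappasswd's command
# line, where it is visible in the process list while the command runs.
# slappasswd's -T FILE reads the secret from a file instead.
CRYPTPASS=$(slappasswd -h '{smd5}' -s "$USR_PASS") || {
  echo "slappasswd failed; no account was created" >&2
  exit 1
}

# The LDIF contains the cleartext password.  mktemp gives it an
# unpredictable name and owner-only permissions, and the trap removes it on
# every exit path.
TMPDIF=$(mktemp) || {
  echo "Cannot create temporary LDIF file" >&2
  exit 1
}
trap 'rm -f -- "$TMPDIF"' EXIT

# NOTE(review): clearPassword stores the password unhashed next to the hash,
# so the hash protects nothing from anyone able to read this attribute.
# Keep it only if a login method really requires the cleartext, and restrict
# read access to it with directory ACLs.
cat > "$TMPDIF" <<EOF
dn: uid=$EMAIL,ou=Users,dc=courier,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: CourierMailAccount
uid: $EMAIL
o: $O
ou: $OU
mailbox: Maildir
quota: $QUOTA
clearPassword: $USR_PASS
userPassword: $CRYPTPASS
disableimap: $DIS_IMAP
disablepop3: $DIS_POP3
disablewebmail: $DIS_WEB
sharedgroup: public
mailhost: 127.0.0.1
mail: yes
homeDirectory: $OU/$O/$EMAIL
sn: $SNAME
givenName: $GNAME
cn: Mail $GNAME $SNAME
uidNumber: 501
gidNumber: 500
EOF

# NOTE(review): -w keeps the manager bind password inside this script and
# shows it in the process list; ldapadd's -y FILE reads it from a file that
# can be made readable by root only.
LDAP_INSERT=$(ldapadd -a -w ldappassword -x -D "cn=manager,dc=courier,dc=com" -f "$TMPDIF")
LDAP_RC=$?
rm -f -- "$TMPDIF"
trap - EXIT

esc=$'\033'
warn="${esc}[1;31m"
done="${esc}[1;32m"
info="${esc}[1;33m"

# OpenLDAP's ldapadd normally exits with the LDAP result code, so the exit
# status is what distinguishes the outcomes.  The captured stdout holds only
# the "adding new entry ..." progress line and never a numeric code.
# A failure is reported here but is not fatal: the maildir steps still run.
case "$LDAP_RC" in
  0)
    echo "${done}LDAP Success"
    ;;
  21)
    echo "${warn}invalid per syntax"
    ;;
  34)
    echo "${warn}invalid DN"
    ;;
  68)
    echo "${info}entry Already exists!"
    ;;
  *)
    echo "${warn}Undefined ERROR - LDAP CODE $LDAP_RC"
    echo "${warn}See LDAP Log for Details!"
    ;;
esac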

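###############################################
#
#  Maildir Stuff
#
###############################################
# Create the container directories (account number, then domain) and the
# user's home directory with its maildirs.  Absolute paths are used
# throughout, so a failed directory change can never redirect the root-owned
# mkdir/chown calls to another location, and mkdir -p makes a re-run for an
# existing account number or domain harmless.

MAIL_ROOT=/var/spool/imap/user
MAILDIRMAKE=/usr/lib/courier/bin/maildirmake

# These values become path components that root creates and chowns
# recursively, so each must name exactly one directory below MAIL_ROOT.
for path_part in "$OU" "$O" "$EMAIL"; do
  case "$path_part" in
    '' | . | .. | -* | */*)
      echo "Refusing unsafe directory name: $path_part" >&2
      exit 1
      ;;
  esac
done

domain_dir="$MAIL_ROOT/$OU/$O"
home_dir="$domain_dir/$EMAIL"

mkdir -p -- "$domain_dir" || exit 1
chown vmail:vmail -- "$MAIL_ROOT/$OU" "$domain_dir"

# Now make the home directory and maildirs
mkdir -p -- "$home_dir" || exit 1
"$MAILDIRMAKE" "$home_dir/Maildir"
"$MAILDIRMAKE" "$home_dir/Maildir/.Drafts"
"$MAILDIRMAKE" "$home_dir/Maildir/.Sent"
"$MAILDIRMAKE" "$home_dir/Maildir/.Trash"

# NOTE(review): the subscription list names INBOX.DRAFTS and INBOX.Spam, but
# the folders created above are .Drafts (different case) and there is no
# .Spam -- confirm which spelling and folder set is intended.
{
  echo "INBOX"
  echo "INBOX.Sent"
  echo "INBOX.DRAFTS"
  echo "INBOX.Trash"
  echo "INBOX.Spam"
} > "$home_dir/Maildir/courierimapsubscribed"

chown -R vmail:vmail -- "$home_dir"

# Reset the terminal colours left on by the LDAP status message.
printf '\033[m\017'

# Show how the authentication library now resolves the new account.
authtest "$EMAIL"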
