Re: [SOGo] Password management

2023-08-19 Thread smizr...@alinto.eu 

Dear Michele,

We have implemented a password change at login mechanism 
(https://github.com/Alinto/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc#password--force-user-password-change-at-login)
 
It will be available on next release and from now on nightly build.

Sebastien

Le Vendredi, Août 18, 2023 19:20 CEST, "mcianchi" (m.cian...@securcrea.com) 
 a écrit:
 We have installed iRedMail with the SOGo interface and have used Mail Store 
for email archiving. There is the possibility to integrate a script into the 
SOGo password change procedure in order to automate the password change for 
Mail Store through APIs.

Otherwise, users are required to change their password in SOGo and then connect 
to Mail Store to perform the same password change.

Michele Cianchi   
   

 

Re: [SOGo] Password change date with the SQL back-end

2023-07-04 Thread vilius.bau...@gmail.com 
On Sun, Jul 2, 2023 at 7:38 PM Vilius Baušys 
wrote:

> Hi Sogo users,
>
> I'm trying to configure Iredmail plugin sql_force_change_password
> 
> to force users to change their passwords. The plugin itself works fine, but
> it seems that Sogo does not record password change timestamp:
>
> Jul 02 19:25:20 sogod [3128203]: |SOGo| starting method 'POST' on uri
> '/SOGo/so/changePassword'
> Jul 02 19:25:20 sogod [3128203]: |SOGo| request took 0.495773 seconds to
> execute
> Jul 02 19:25:20 sogod [3128203]: 78.57.31.125 "POST
> /SOGo/so/changePassword HTTP/1.0" 204 0/73 0.505 - - 532K - 14
>
> I also do not see any related column in the users table:
> MariaDB [sogo]> desc users;
> ++--+--+-+-+---+
> | Field  | Type | Null | Key | Default | Extra |
> ++--+--+-+-+---+
> | c_uid  | varchar(255) | NO   | | |   |
> | c_name | varchar(255) | NO   | | |   |
> | c_password | varchar(255) | NO   | | |   |
> | c_cn   | varchar(255) | NO   | | |   |
> | mail   | varchar(255) | NO   | | |   |
> | domain | varchar(255) | NO   | | |   |
> ++--+--+-+-+---+
> 6 rows in set (0.001 sec)
>
> Maybe I missed some of the configurable option to capture the password
> change timestamp?
>
> Sogo v 5.8.2 (@sogo-build.alinto.int 202305201843)
>

I found an easy workaround by creating a trigger that updates the
corresponding Iredmail column.
Not ideal, but it works.

-- 
Vilius

Re: [SOGo] password

2023-04-15 Thread Odhiambo Washington 
On Sat, Apr 15, 2023 at 1:48 AM "news...@gmx.de"  wrote:

> Hello, I suppose that was a human answer to my question? If so, here is
> my reply: I cannot find the menu item "sogo.conf" under preferences.
> Where is it?
>
> cheers
> neff
>
>
It was a clue, that you need to check your /etc/sogo.conf and you could
refer to
https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#_configuration

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: [SOGo] password

2023-04-14 Thread "Peter Beck" 
>Hello, I suppose that was a human answer to my question? If so, here is my 
>reply: I cannot find the menu item "sogo.conf" under preferences.
> Where is it?@mail.gmail.com>@sogo.nu>

He meant /etc/sogo/sogo.conf with the parameter "SOGoPasswordChangeEnabled" 
which defaults to "no" if unset.
See documentation at https://www.sogo.nu/files/docs/SOGoInstallationGuide.html

Re: [SOGo] password

2023-04-14 Thread "news...@gmx.de" 

Hello, I suppose that was a human answer to my question? If so, here is
my reply: I cannot find the menu item "sogo.conf" under preferences.
Where is it?

cheers
neff


On 14.04.23 17:24, Odhiambo Washington (odhia...@gmail.com) wrote:

On Fri, Apr 14, 2023 at 4:26 PM "neff"  wrote:


One of the recent updates must have removed the ability to change the
password
in the General settings. Where do I find that now? Thanks



sogo.conf


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: [SOGo] password

2023-04-14 Thread Odhiambo Washington 
On Fri, Apr 14, 2023 at 4:26 PM "neff"  wrote:

> One of the recent updates must have removed the ability to change the
> password
> in the General settings. Where do I find that now? Thanks
>

sogo.conf


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: [SOGo] Password change on another database

2019-10-11 Thread Christian Mack 
Hello

Am 10.10.19 um 15:05 schrieb David Reis (david.r...@netoxygen.ch):
> Dear All,
> 
> I use IredMail with SOGo but I can not make password change working.
> 
> I configure Mysql backend Auth and everything is working fine except
> password change from SOGo.
> 
> My SOGo users are authentified on a MySQL view based on some tables on
> IredMail database.
> 
> So I can not make the password change working on this view.
> 
> My question is : "Is there a way to customize the MySQL query used to
> update password?"
> 

no, you would need to replace that view with a table, or modify SOGo
and/or SOPE code.


Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] password change with samba4 AD

2016-10-04 Thread "Sean M. Pappalardo" 


On 10/04/2016 01:37 AM, lists (li...@merit.unu.edu) wrote:
> We are there specific requirements on the SOGo server, to accomodate AD
> password changes..?

You might need to check the encryption settings. I know my SOGo couldn't
authenticate users at all after Samba 4.2 until they were adjusted. (I
don't remember which ones now, but likely ones mentioned in the page I
linked before.)

Sincerely,
Sean M. Pappalardo
Sr. Networks Engineer
Renegade Technologies



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] password change with samba4 AD

2016-10-04 Thread lists 

Hi Sean,

On 3-10-2016 21:30, "Sean M. Pappalardo" (spappala...@renegadetech.com) 
wrote:

What version of Samba? Do you run Samba from Debian packages?
On the DCs we're on 4.4, and yes: changing passwords from windows works, 
otherwise we would obviously have bigger problems. :-)


We are there specific requirements on the SOGo server, to accomodate AD 
password changes..?


On the server running SOGo, we installed nothing samba-related, only the 
regular SOGo dependancies... (we are NOT running openchange)


MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] password change with samba4 AD

2016-10-03 Thread "Sean M. Pappalardo" 
What version of Samba? Do you run Samba from Debian packages?

I do (v4.2) and have found that there is a problem with users changing
their passwords in general even from Windows clients. I think it has to
do with the increased default security settings Samba 4.2 now uses,
outlined here:
https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?h=stable-update=cbcad2a543a28926ee712cf299dbdc03da351cb0

Have you tried having a user change their password from a Windows machine?

Sincerely,
Sean M. Pappalardo
Sr. Networks Engineer
Renegade Technologies



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] Password change not possible

2016-02-10 Thread Christian Mack 
Hello

Am 10.02.2016 um 23:47 schrieb Michael Grimbichler:
> 
> New to SOGo and can’t change user passwords in the settings.
> Is this a known bug? Cant see anything in /var/log/messages or 
> /var/log/maillog when hitting the „change“ button.
> Also the fact that there is a „save" button and „change" button is a bit 
> confusing.
> I am running Sogo on CentOS 7 with OpenLDAP and Dovecot.
> Password change is set in the Sogo config and following is my LDAP config.
> 
> 
> olcAccess: {0}to attrs=userPassword,shadowLastChange
>  by dn=„cn=admin,dc=domain,dc=com“ write
>  by dn="uid=dovecot,ou=ServiceAccounts,dc=domain,dc=co,dc=uk“ read
>  by dn="uid=saslauthd,ou=ServiceAccounts,dc=domain,dc=co,dc=uk“ read
>  by anonymous auth
>  by self write
>  by * none
> 
> Do I also need to grant write permission to the SOGo Service account or 
> should it be covered by the „self“ permission?
> 

See:
http://sogo.nu/bugs/view.php?id=3496


Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] Password truncated before validation

2014-10-06 Thread Sven Schwedas 
On 2014-10-06 11:19, Max wrote:
 Hello,
 
 It seems that SOGo is ignoring password value after 8th char.
 I'm using LDAP UserSource on SOGo 2.2.9a-1:amd64 debian package.
 
 I wonder if it's a config problem or a bug.
 Are you able to reproduce?

Using LDAP (/AD) backend as well here, can't confirm the issue even with
32 character passwords. Seems like a configuration issue.

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at



signature.asc
Description: OpenPGP digital signature

Re: [SOGo] Password truncated before validation

2014-10-06 Thread Max 

Le 06/10/2014 11:19, Max a écrit :

Hello,

It seems that SOGo is ignoring password value after 8th char.
I'm using LDAP UserSource on SOGo 2.2.9a-1:amd64 debian package.

I wonder if it's a config problem or a bug.
Are you able to reproduce?


Finally not a SOGo issue.
Some users had an old crypt password encryption in ldap db.

Problem solved, thanks guys
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-25 Thread Laz C. Peterson 

Also, maybe this will help.  I get messages like this, when trying to open up 
other windows ...

object not found: lpeter...@mydomain.com = Mail = 0 = folderINBOX = 1 = 
popupview
object not found: lpeter...@mydomain.com = preferences
object not found: lpeter...@mydomain.com = logoff

Sometimes it works flawlessly without any logging off or on.  Most of the time 
the problem is taken care of within 1 minute.  Rarely, but sometimes, the issue 
takes over 3 minutes until the user can log back in again.

No cookies or cache on the user's side are impacting this issue.  
Authentication and mail servers seem to work fine without any issue.  I can 
only think there might be an issue within the SOGo database or cache?

Thank you.
~Laz


On Thursday, November 21, 2013 06:45 AM PST, Jean Raby jr...@inverse.ca wrote:
 On 13-11-21 6:45 AM, Jean Raby wrote:
 On 13-11-21 12:09 AM, Laz C. Peterson wrote:
 Yikes.

 Then if it shouldn’t matter, I’m sure there’s something else going on here.
 I'll test it. But why are you running with a 10 seconds cache expiration? 
 that's
 really low.

I think you're running with passwordpolicy enable in sogo, but the
passowrdpolicy overlay is not enabled in openldap.

Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and
trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so
low, you're probably better off keeping it at its default value)
--
users@sogo.nu
https://inverse.ca/sogo/lists
 -- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-25 Thread Laz C. Peterson 

Jean~

I cannot seem to figure this out for my life ... (Let's hope it doesn't kill 
me! Ha ha ha.)

I know you are a busy man, but if you could point me in the right direction I 
would greatly appreciate it.  Let me break down the summary of the issue.

-- No other services are running on the server except for SOGo.  Nothing aside 
from my config has been modified.
-- User changes password, and password is immediately updated in the LDAP 
database as well as the Kerberos database.  User can authenticate immediately 
to any Kerberos services as well as LDAP services using the new password.
-- After closing Preferences window, about 70-80% of the time, clicking 
anywhere brings up the login page.
-- If the login page does not show when clicking on any other SOGo link, all is 
well.
-- If the login page does show, most of the time the user will still be unable 
to log on, even if the user goes to another computer and tries a new session.  
The only way I can describe the behavior here is that if the usual URL after 
a successful login is 
https://sogo.paravis.net/SOGo/so/lpeter...@mydomain.com/Mail/view, the URL 
after an unsuccessful login is simply 
https://sogo.paravis.net/SOGo/so/lpeterson.
-- User must wait an undefined period of time, after which everything works 
again with the new password.

I am going to try rebuilding a new server for testing purposes, but I can 
confirm that all LDAP and Kerberos authentication is working great.  The 
password changes perfectly through SOGo.  It seems though that SOGo has 
something cached in its memory that is not being renewed when the password 
changes.  Or maybe it is receiving a response from the LDAP server that makes 
it confused.

Which debug information should I focus my efforts on?  Or how would you suggest 
troubleshooting?  I am truly baffled.  Thank you so much Jean.
~Laz


On Thursday, November 21, 2013 06:45 AM PST, Jean Raby jr...@inverse.ca wrote:
 On 13-11-21 6:45 AM, Jean Raby wrote:
 On 13-11-21 12:09 AM, Laz C. Peterson wrote:
 Yikes.

 Then if it shouldn’t matter, I’m sure there’s something else going on here.
 I'll test it. But why are you running with a 10 seconds cache expiration? 
 that's
 really low.

I think you're running with passwordpolicy enable in sogo, but the
passowrdpolicy overlay is not enabled in openldap.

Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and
trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so
low, you're probably better off keeping it at its default value)
--
users@sogo.nu
https://inverse.ca/sogo/lists
 -- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-21 Thread Laz C. Peterson 

Jean,

My apologies for no config file (now attached).  I do have ppolicy enabled in 
the LDAP server, though I am also running another module called smbkrb5pwd 
which synchronizes/updates the user's Kerberos password as well.  I am not sure 
if this has any effect, though it may.  I can confirm that user changing 
password through SOGo preferences immediately updates both Kerberos and LDAP 
passwords successfully, and user can authenticate through Kerberos or LDAP with 
no issues using their new password with other services.

As you can see, I have now disabled the manual setting of 
SOGoCacheCleanupInterval.  I only had that set due to another post I had read, 
not because I felt I needed it.  (Bad idea on my part.)

The most interesting thing I have found is that when the issue happens, I am 
not able to log in using any browser for a period of time.  I feel that 
changing SOGoCacheCleanupInterval to default affects this even more, though I 
really have no idea.  SOGo authenticates successfully, but never makes it past 
the login screen.  The URL that shows after attempted (successful?) login is 
https://sogo.myemaildomain.com/SOGo/lpeterson ... Not the usual 
https://sogo.myemaildomain.com/SOGo/so/lpeter...@myemaildomain.com/Mail/view.  
And if I type a bad password (for example, the old password), it does respond 
with incorrect password

I am thinking there must be the old password cached somewhere between SOGo, 
LDAP, KDC, or IMAP, but the updated password works quickly for LDAP, KDC, and 
IMAP services.  Relevant services along with SOGo 2.1.1 (Ubuntu 12.04.3) are 
OpenLDAP v2.4.28 (Ubuntu 12.04.3) and Dovecot v2.1.7 (Ubuntu 13.04).

Today is a really bad day for me, but as soon as I get a chance, I am going to 
look into the smbkrb5pwd module that is running alongside ppolicy.  I will 
gladly take any other suggestions, too.

I do appreciate your help very much.  If there is anything I can do to help 
provide more information, please let me know how I can do that.  Thanks again 
Jean.  This is a wonderful piece of software and I am very grateful for your 
efforts.
~Laz


On Thursday, November 21, 2013 06:45 AM PST, Jean Raby jr...@inverse.ca wrote:
 On 13-11-21 6:45 AM, Jean Raby wrote:
 On 13-11-21 12:09 AM, Laz C. Peterson wrote:
 Yikes.

 Then if it shouldn’t matter, I’m sure there’s something else going on here.
 I'll test it. But why are you running with a 10 seconds cache expiration? 
 that's
 really low.

I think you're running with passwordpolicy enable in sogo, but the
passowrdpolicy overlay is not enabled in openldap.

Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and
trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so
low, you're probably better off keeping it at its default value)
--
users@sogo.nu
https://inverse.ca/sogo/lists
 

sogo.conf
Description: Binary data

Re: [SOGo] Password change behavior

2013-11-21 Thread Jean Raby 

On 13-11-21 6:45 AM, Jean Raby wrote:

On 13-11-21 12:09 AM, Laz C. Peterson wrote:

Yikes.

Then if it shouldn’t matter, I’m sure there’s something else going on here.

I'll test it. But why are you running with a 10 seconds cache expiration? that's
really low.

I think you're running with passwordpolicy enable in sogo, but the 
passowrdpolicy overlay is not enabled in openldap.


Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and 
trouble if you had...


(finally, unless you have a good reason to set the cache cleanup interval so 
low, you're probably better off keeping it at its default value)

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-20 Thread Laz C. Peterson 
I might add that the behavior I see in Safari works as I would expect — 
changing password simply changes password and leaves all other functions 
working as they were, including SOGo, email and calendar.

FireFox, on the other hand, exhibits the behavior where the authentication gets 
broken and the website does not display or operate properly until user logs 
back in.

Thanks for any help.
~Laz


On Nov 20, 2013, at 1:16 PM, Laz C. Peterson l...@paravis.net wrote:

 Can someone please fill me in on the expected behavior of SOGo after the user 
 changes their password through preferences?
 
 My users, who can change their passwords just fine through the preferences, 
 get stuck in SOGo after changing the password.  It appears as if they are 
 still logged in, but if they go to write a new message or click on a 
 different feature (such as Calendar), they are presented with a login box.  
 (At this point, they can log in fine using their new password.)
 
 I want to confirm that this is by design, or if there is something I need to 
 look into.  It seems that either the user should not have to relog in at all, 
 or that the user should immediately be logged off and presented with a new 
 login screen.
 
 Thanks for any help.
 ~Laz-- 
 users@sogo.nu
 https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-20 Thread Laz C . Peterson 
Jean,

So I went to another computer of mine and tried both FireFox and Safari (sorry, 
no Windows systems here!) and neither worked properly.  On my workstation, 
FireFox does not work, and in further testing, I noticed that Safari did not 
actually work every time.  So I tried a little troubleshooting ...

I changed my password and stayed in the “Preferences” screen for a little while 
before clicking out.  If I stay for a little while without clicking, it seems 
to work!  If I close out almost immediately after and try doing other things, I 
get an error message something like object not found: 
lpeter...@myemaildomain.com = Mail = 0 = compose”.

I do have “SOGoCacheCleanupInterval” set to 10, if that makes any difference.

Attached is the SOGo debug log when it does not work and the SOGo debug log 
when it does.  I honestly don’t know the difference of what we’re looking at 
there.  Maybe I can try and get some better-looking logs for you, just let me 
know how.

Also, the latency and connection between all of the servers is great (0.3ms 
average) …

Thanks again Jean.
~Laz

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

sogo.log-broken
Description: Binary data


sogo.log-working
Description: Binary data



On Nov 20, 2013, at 2:14 PM, Jean Raby jr...@inverse.ca wrote:

 On 13-11-20 4:16 PM, Laz C. Peterson wrote:
 Can someone please fill me in on the expected behavior of SOGo after the 
 user changes their password through preferences?
 
 My users, who can change their passwords just fine through the preferences, 
 get stuck in SOGo after changing the password.  It appears as if they are 
 still logged in, but if they go to write a new message or click on a 
 different feature (such as Calendar), they are presented with a login box.  
 (At this point, they can log in fine using their new password.)
 
 I want to confirm that this is by design, or if there is something I need to 
 look into.  It seems that either the user should not have to relog in at 
 all, or that the user should immediately be logged off and presented with a 
 new login screen.
 Can you explain or post your sogo configuration?
 Anything relevant in the logs?
 
 I just tested this with sogo using openldap as its auth backend and it works 
 as designed. That is:  when I change my password, I can still use sogo 
 without having to log back in.
 
 
 Thanks for any help.
 ~Laz--
 
 
 -- 
 users@sogo.nu
 https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-20 Thread Laz C. Peterson 
Jean, hello.

You are correct, it does work just fine as you have designed.  Which browser 
are you using?

There was nothing abnormal in the logs, neither on the LDAP server nor the SOGo 
server.  All looks good.  This is not debug logging, however.

Maybe you can try reproducing the problem.  I have been primarily using FireFox 
lately, which is the browser that is not acting properly.  After I sent my 
initial message, I decided to try Safari just for fun, and that worked 
*perfectly*.

If you don’t use FireFox, would you mind trying that out and see if you get the 
same result?

I’m a little confused as to why it would act that way.  Possibly it is an issue 
on my specific workstation’s install of FireFox?

Thanks for your response.  Please let me know if there is any more information 
I can get for you.
~Laz

On Nov 20, 2013, at 2:14 PM, Jean Raby jr...@inverse.ca wrote:

 On 13-11-20 4:16 PM, Laz C. Peterson wrote:
 Can someone please fill me in on the expected behavior of SOGo after the 
 user changes their password through preferences?
 
 My users, who can change their passwords just fine through the preferences, 
 get stuck in SOGo after changing the password.  It appears as if they are 
 still logged in, but if they go to write a new message or click on a 
 different feature (such as Calendar), they are presented with a login box.  
 (At this point, they can log in fine using their new password.)
 
 I want to confirm that this is by design, or if there is something I need to 
 look into.  It seems that either the user should not have to relog in at 
 all, or that the user should immediately be logged off and presented with a 
 new login screen.
 Can you explain or post your sogo configuration?
 Anything relevant in the logs?
 
 I just tested this with sogo using openldap as its auth backend and it works 
 as designed. That is:  when I change my password, I can still use sogo 
 without having to log back in.
 
 
 Thanks for any help.
 ~Laz--
 
 
 -- 
 users@sogo.nu
 https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password change behavior

2013-11-20 Thread Jean Raby 

On 13-11-20 7:55 PM, Laz C. Peterson wrote:

I do have “SOGoCacheCleanupInterval” set to 10, if that makes any difference.

Why is the cleanup interval set so low?

It should work anyway, but I'm curious. Also, for the record, I was testing with 
chrome. (with the default cache cleanup interval: 300)

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password Encryption for SOGo with Dovecot and Postfix

2013-08-06 Thread Jan-Frode Myklebust 
On Tue, Aug 06, 2013 at 09:52:46AM +0100, SOGo Noob wrote:
 
 After reviewing your advice I have begun the process of swapping from MySQL
 auth back over to LDAP auth, and can see that functionality via LDAP seems
 much greater.

Cool. 

 
 I have a quick question though, does SOGo have any user administration
 methods without falling back to an LDAP management system? For example, our
 clients normally have one user that would like the ability to create new
 mailboxes and distribution groups etc - is there an easy way to accommodate
 such control or do we need to look at another approach for this?

I don't think SOGo has any user administration features. We do our user
administration by internally developed self-care webpages for our
customers. These just add/delete/modify ldap-users by talking directly
with the directory server. (maybe not really directly, but by submitting a
job to a queueing system that then talks with the directory server)

All our mail provisioning is handled trough LDAP. If a new domain gets
added to o=$domainname.com,o=ISP,o=example,c=com, this will
automatically be used by postfix/dovecot/sogo, and users created there
can immediately receive email and use the webmail.


  -jf
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password Encryption for SOGo with Dovecot and Postfix

2013-08-06 Thread SOGo Noob 
That was the approach I was planning to take if there was nothing with
SOGo, self-developed secure web admin pages for clients that can handle
changes to LDAP. It's really handy to chat with someone who has deployed
the system in the same way that we plan to - thanks again for your time!


On 6 August 2013 10:12, Jan-Frode Myklebust janfr...@tanso.net wrote:

 On Tue, Aug 06, 2013 at 09:52:46AM +0100, SOGo Noob wrote:
 
  After reviewing your advice I have begun the process of swapping from
 MySQL
  auth back over to LDAP auth, and can see that functionality via LDAP
 seems
  much greater.

 Cool.

 
  I have a quick question though, does SOGo have any user administration
  methods without falling back to an LDAP management system? For example,
 our
  clients normally have one user that would like the ability to create new
  mailboxes and distribution groups etc - is there an easy way to
 accommodate
  such control or do we need to look at another approach for this?

 I don't think SOGo has any user administration features. We do our user
 administration by internally developed self-care webpages for our
 customers. These just add/delete/modify ldap-users by talking directly
 with the directory server. (maybe not really directly, but by submitting a
 job to a queueing system that then talks with the directory server)

 All our mail provisioning is handled trough LDAP. If a new domain gets
 added to o=$domainname.com,o=ISP,o=example,c=com, this will
 automatically be used by postfix/dovecot/sogo, and users created there
 can immediately receive email and use the webmail.


   -jf

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password Encryption for SOGo with Dovecot and Postfix

2013-08-06 Thread SOGo Noob 
Hi and thanks for taking the time to respond.

After reviewing your advice I have begun the process of swapping from MySQL
auth back over to LDAP auth, and can see that functionality via LDAP seems
much greater.

I have a quick question though, does SOGo have any user administration
methods without falling back to an LDAP management system? For example, our
clients normally have one user that would like the ability to create new
mailboxes and distribution groups etc - is there an easy way to accommodate
such control or do we need to look at another approach for this?

Cheers again


On 5 August 2013 08:59, Jan-Frode Myklebust janfr...@tanso.net wrote:

 On Fri, Aug 02, 2013 at 05:33:15PM +0100, SOGo Noob wrote:
 
  My plan is this:
  We have a new cleanly installed Ubuntu 12.04 server for mail, and we've
  opted to use MySQL for authentication and for basic storage. We will be
  using Postfix and Dovecot for mail transport and imap/pop respectively.
 All
  of which seems to make sense so far, and much of this is configured
 already.
 
  My issue is with choosing the correct password encryption. We need it to
 be
  compatible with SOGo, Dovecot and Postfix, and we need mail client
 support
  for all major platforms.

 I'm working for an ISP, running SOGo for webmail, postfix for SMTP and
 dovecot for LMTP/POP/IMAP -- for a little under 100
 maildomains/1M-accounts. Earlier (before SOGo) we used MySQL for
 user-database, but have moved over to a LDAP (389ds) for holding the
 user-database. And I would strongly advice you to consider doing the
 same.

 All services are speaking directly to the ldap-servers. When users
 needs to authenticate, this is handled trough the ldap bind() operation,
 so that none of the services need to know anything about encryption
 schemes,
 and also they don't have access to read the users' hashes.

 LDAP/389ds gives you proper multi-master setup, so that you can easily
 configure a highly available environment, and also scale out if needed.

  Obviously we need to administer the server too,
  some clean cli commands to generate new passwords would be great. What
  would the list recommend as an adopted password encryption that is simple
  to deploy but at the same time secure?

 Lots of options for editing LDAP data.. ldapvi, ldapsearch, ldapmodify,
 apache directory studio and probably several web-based options exists.


   -jf

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Password Encryption for SOGo with Dovecot and Postfix

2013-08-05 Thread Jan-Frode Myklebust 
On Fri, Aug 02, 2013 at 05:33:15PM +0100, SOGo Noob wrote:
 
 My plan is this:
 We have a new cleanly installed Ubuntu 12.04 server for mail, and we've
 opted to use MySQL for authentication and for basic storage. We will be
 using Postfix and Dovecot for mail transport and imap/pop respectively. All
 of which seems to make sense so far, and much of this is configured already.
 
 My issue is with choosing the correct password encryption. We need it to be
 compatible with SOGo, Dovecot and Postfix, and we need mail client support
 for all major platforms.

I'm working for an ISP, running SOGo for webmail, postfix for SMTP and
dovecot for LMTP/POP/IMAP -- for a little under 100
maildomains/1M-accounts. Earlier (before SOGo) we used MySQL for 
user-database, but have moved over to a LDAP (389ds) for holding the 
user-database. And I would strongly advice you to consider doing the
same.

All services are speaking directly to the ldap-servers. When users
needs to authenticate, this is handled trough the ldap bind() operation,
so that none of the services need to know anything about encryption schemes,
and also they don't have access to read the users' hashes.

LDAP/389ds gives you proper multi-master setup, so that you can easily
configure a highly available environment, and also scale out if needed.

 Obviously we need to administer the server too,
 some clean cli commands to generate new passwords would be great. What
 would the list recommend as an adopted password encryption that is simple
 to deploy but at the same time secure?

Lots of options for editing LDAP data.. ldapvi, ldapsearch, ldapmodify, 
apache directory studio and probably several web-based options exists.


  -jf
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] password virtual appliance admin ldap

2013-04-04 Thread Francis Lachapelle 
Hi
On 2013-04-03, at 5:45 AM, pva...@parcdesalutmar.cat wrote:

 I downloaded and imported the virtual appliance to virtual box.
 
 The machine it's running.
 
 but i don't find  the password of the ldap admin and i'll like create a new
 user.
 
 Does anyone know please ?

Make a guess. It's sogo.

:)

The DN is cn=admin,dc=example,dc=com.

Francis

--
flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca
Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence 
(http://packetfence.org)

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] password hashes w crypt-md5 + salt in (My)SQL db in sogo 2.0?

2012-06-14 Thread Hans de Groot 

Hi,

I do know one thing, the documentation states to use crypt-md5 but it should be md5-crypt as authentication method. ie:

 keyuserPasswordAlgorithm/key
 stringmd5-crypt/string

I made a view to my own user table in an other database and that works. So I gues that a view to an ISPConfig database should work too.

Hans de Groot



On Thursday, June 14, 2012 13:00 CEST, Andreas Balg a.b...@xincs.eu wrote:


	
	Oncew more trying to integrate SOGo with ISPConfig 3 managed accounts and mailboxes.
	
	Ive found various mails regarding the support of crypt-md5 password hashes in SQL databases
	(as used by ISPConfig 3 for mail users) so what is the current status of crypt-md with SQLdbs in sogo 2.0 ?
	
	Did anybody figure out how to automate a synchronisation or configure sogo to use an SQL-View
	directly with the database from ISPConfig 3 to authenticate users?
	
	How may we authenticate users against that DB?
	
	cheers
	Andreas Balg