Hello,
I tried to install SOGo 1.3.10 last week and succeeded at first (using
my own user table in MySQL). I could log in and edit my data, browse my
mails, all features were working.
Then I wanted to re-use the existing user table which postfix and
dovecot already share; I administer it normally using PostfixAdmin. And
that's where I am right now, I just can't make it work!
The MD5-CRYPT algorithm used for the passwords in the postfix/dovecot
user table - e.g. "password" would become
"9186d855e11eba527a7a52ca82b313e180d62234f0acc9051b527243d41e2740" as
hash (just for reference).
I created a view in SOGo's own MySQL database so SOGo would be able to
access the data inside its own context (using u...@domain.tld scheme as
user names in SOGo):
CREATE OR REPLACE SQL SECURITY INVOKER VIEW postfix_users_view AS SELECT
postfixadmin.mailbox.username AS c_uid, postfixadmin.mailbox.username AS
c_name, postfixadmin.mailbox.username AS mail,
postfixadmin.mailbox.password AS c_password, postfixadmin.mailbox.name
AS c_cn from postfixadmin.mailbox where postfixadmin.mailbox.active > 0
When I log into the MySQL client as the user that SOGo uses, I can query
the view. No access problems.
I configured SOGo to use the user data source like this:
<key>SOGoUserSources</key>
<array>
<dict>
<key>canAuthenticate</key>
<string>YES</string>
<key>displayName</key>
<string>All Users</string>
<key>id</key>
<string>users</string>
<key>isAddressBook</key>
<string>YES</string>
<key>type</key>
<string>sql</string>
<key>userPasswordAlgorithm</key>
<string>crypt</string>
<key>viewURL</key>
<string>mysql://sogouser:sogopassword@localhost:3306/sogodb/postfix_users_view</string>
</dict>
</array>
I dug through the mailing list, but all I could find was that the
undocumented userPasswordAlgorithm "crypt" is the alias for MD5-CRYPT. I
searched in the code and found nothing that would contradict this - but
I have to admit that I didn't see any Objective-C code before today, so
I might be mistaken. I just noticed that the salt was specified and
commented as "insecure", but I couldn't figure out which value is taken
there.
The only thing the log file says is:
SOGoRootPage Login for user 'm...@mydomain.tld' might not have worked -
password policy: 65535 grace: -1 expire: -1 bound: 0
Now my plea: Could anyone please help? Should I reformat the hash value
in the view using "$1$" as prefix or something like that? I have already
tried some combinations, but didn't hit the jackpot...
It seems to me that it all boils down to two questions:
1. What format must the stored hash value have?
2. Is there a specific salt which has to be used?
Thanks in advance!
Kind regards
Mathis
PS: Corrado Fiore, perhaps you could shed some light? You addressed a
similar problem in February... Thanks!
PPS: Perhaps someone also using the "crypt" userPasswordAlgorithm could
post the hash value for the password "password" so I can compare the
format...
--
users@sogo.nu
https://inverse.ca/sogo/lists
