Hi, see section SOGoUserSources in /etc/sogo/sogo.conf and https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#Authentication-using-SQL.
Section SOGoUserSources appears twice (sql and ldap) in the config.
I use the LDAP version of iRedMail, and users are stored only once for SOGo, Dovecot and Postfix authentication.

HAF<http://www.sea.cz/>

On 28.07.2022 at 20:25 Serveria Support (supp...@serveria.com) wrote:
Hi Chris,

Thanks for the exhaustive explanation. :) Everything is pretty clear until this point:

You use a MySQL database as authentication source.
That has to provide the information for both services.
-- Which database exactly should provide this information? Dovecot and SOGO use two completely different databases. SOGO uses a db named 'sogo' whereas Dovecot uses the 'vmail' db.

You have to set that information for every user in that database, before that user can login to either service.
-- Here are the tables from vmail db:
MariaDB [vmail]> SHOW TABLES;
+----------------------+
| Tables_in_vmail      |
+----------------------+
| admin                |
| alias                |
| alias_domain         |
| anyone_shares        |
| deleted_mailboxes    |
| domain               |
| domain_admins        |
| forwardings          |
| last_login           |
| mailbox              |
| maillist_owners      |
| maillists            |
| moderators           |
| recipient_bcc_domain |
| recipient_bcc_user   |
| sender_bcc_domain    |
| sender_bcc_user      |
| sender_relayhost     |
| share_folder         |
| used_quota           |
+----------------------+
20 rows in set (0.001 sec)

Here are the tables from 'sogo' db:
MariaDB [sogo]> SHOW TABLES;
+------------------------+
| Tables_in_sogo         |
+------------------------+
| sogo_acl               |
| sogo_alarms_folder     |
| sogo_cache_folder      |
| sogo_folder_info       |
| sogo_quick_appointment |
| sogo_quick_contact     |
| sogo_sessions_folder   |
| sogo_store             |
| sogo_user_profile      |
| users                  |
+------------------------+
10 rows in set (0.001 sec)
-- Where are the users stored in the Dovecot db? Where should I place the 'storage_keys' table? In the Dovecot or in the SOGO db?

When that information is provided, then the user can successfully login to SOGo. SOGo will initialize the information for that user in SOGo, like create its personal calendar and address book and store its initial settings. Then it also will contact the configured IMAP server, and will authenticate to it with the given credentials.

As that IMAP server is your dovecot, and they share the same authentication source, the user will login successfully the first time into dovecot. dovecot will then initiate the postbox of that user with the information given to it from the authentication source and its configuration. -- So, if I got it right, the storage keys table should be added to the Dovecot (vmail) db? SOGO will then grab all the necessary credentials from the Dovecot db automatically?

In order to access the matching information from the "storage_keys" database, there has to be a connection between the user in the authentication source "users" Table and the user_id.
-- How can this be done?

Thanks in advance!


On 2022-07-28 18:06, Christian Mack wrote:
Hello

Warning, this is a bit long :-)

First you have to grasp the principle of authentication sources.
Authentication sources are files or databases or LDAP/ActiveDirectory
servers providing information used to authenticate a user.
Usually they contain a unique identifier commonly called "user name"
and some sort of authenticator like a password and/or certificate and/or
TOTP secret.
They also store additional information used to grant access privileges
for that user on a per-service basis.

Dovecot and SOGo are two distinct services.
They have nothing in common, and don't know anything about each other.
That is fine, as they provide their services via interfaces which are
standardized internationally.

SOGo is a user interface provided via HTTP or (better) HTTPS.
It stores user provided information like sessions, settings, calendars
+ events and address books + address cards in a relational database.
It uses internally e.g. IMAP in order to access postboxes of users on
any IMAP capable postbox server.

Dovecot is such an IMAP capable postbox server.

In your scenario you want to use your SOGo service only with your
dovecot service.
Therefore they have to use the same authentication source.
But they need different additional information from that
authentication source, in order to provide their service.

You use a MySQL database as authentication source.
That has to provide the information for both services.
You have to set that information for every user in that database,
before that user can login to either service.

When that information is provided, then the user can successfully login to SOGo.
SOGo will initialize the information for that user in SOGo, like
create its personal calendar and address book and store its initial
settings.
Then it also will contact the configured IMAP server, and will
authenticate to it with the given credentials.

As that IMAP server is your dovecot, and they share the same
authentication source, the user will login successfully the first time
into dovecot.
dovecot will then initiate the postbox of that user with the
information given to it from the authentication source and its
configuration.

In order to access the matching information from the "storage_keys"
database, there has to be a connection between the user in the
authentication source "users" Table and the user_id.

Hope that helps a bit.


Kind regards,
Christian Mack

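Concretely, one way to lay out the shared authentication source and the storage_keys link Christian describes, as an added example and not configuration from this thread: the users columns (c_uid, c_name, c_password, c_cn, mail) follow SOGo's SQL source layout, while the surrogate key `id`, the view name `user_keys` and all sample values are assumptions.

```sql
-- Constructed example: one MariaDB database holds the shared authentication
-- source (users) and the mail-crypt key material (storage_keys), linked by
-- storage_keys.user_id -> users.id. The users columns follow SOGo's SQL
-- source layout; the surrogate key `id` and the view name are assumptions.
CREATE TABLE users (
  id         INT          NOT NULL AUTO_INCREMENT,
  c_uid      VARCHAR(255) NOT NULL,      -- login name used by both services
  c_name     VARCHAR(255) NOT NULL,      -- normally identical to c_uid
  c_password VARCHAR(255) NOT NULL,      -- store a password hash, never plaintext
  c_cn       VARCHAR(255) DEFAULT NULL,  -- display name
  mail       VARCHAR(255) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY uq_users_uid (c_uid)
) ENGINE=InnoDB;
-- Same columns as the storage_keys table posted in the thread, plus the
-- foreign key that makes the user <-> user_id connection explicit.
CREATE TABLE storage_keys (
  id               INT NOT NULL AUTO_INCREMENT,
  enabled          TINYINT DEFAULT 1,
  version          TINYINT DEFAULT 1,
  public_key       TEXT,
  pwhash_algo      TINYINT DEFAULT 1,
  pwhash_opslimit  INT DEFAULT NULL,
  pwhash_memlimit  INT DEFAULT NULL,
  pwhash_salt      VARCHAR(255) DEFAULT NULL,
  sk_nonce         VARCHAR(255) DEFAULT NULL,
  locked_secretbox TEXT,
  user_id          INT NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY uq_storage_keys_user (user_id),  -- one key record per user
  CONSTRAINT fk_storage_keys_user FOREIGN KEY (user_id)
    REFERENCES users (id) ON DELETE CASCADE   -- key record dies with the account
) ENGINE=InnoDB;
-- Constructed sample rows; the key fields hold placeholders, not real material.
INSERT INTO users (c_uid, c_name, c_password, c_cn, mail)
  VALUES ('paul@example.test', 'paul@example.test',
          '{SSHA512}PLACEHOLDER_HASH', 'Paul', 'paul@example.test');
INSERT INTO storage_keys (user_id, pwhash_salt, sk_nonce, locked_secretbox)
  SELECT id, 'PLACEHOLDER_SALT', 'PLACEHOLDER_NONCE', 'PLACEHOLDER_BOX'
  FROM users WHERE c_uid = 'paul@example.test';
-- One lookup both services can share: the login name resolves to the account
-- and its key record in a single row, without a second "users" copy anywhere.
CREATE VIEW user_keys AS
  SELECT u.c_uid, u.c_password, u.mail, k.enabled, k.version, k.pwhash_algo,
         k.pwhash_opslimit, k.pwhash_memlimit, k.pwhash_salt, k.sk_nonce,
         k.locked_secretbox, k.public_key
  FROM users u JOIN storage_keys k ON k.user_id = u.id;
SELECT * FROM user_keys WHERE c_uid = 'paul@example.test';
```

Both SOGo (through its SOGoUserSources entry) and the Dovecot SQL userdb can then be pointed at this one database, so a user exists exactly once and the key record follows it.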
On 27.07.22 at 16:32 Serveria Support (supp...@serveria.com) wrote:
Hey guys,

I'm looking to set up a mail server with encrypted storage. I'm planning to use Dovecot mailserver + crypt or trees plugin for per-user encryption + SOGO for webmail/groupware. Encryption plugins need to store some additional data like password hash algo, salt etc. (see example schema below) in SQL:

CREATE TABLE `storage_keys` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `enabled` tinyint(4) DEFAULT '1',
   `version` tinyint(4) DEFAULT '1',
   `public_key` text,
   `pwhash_algo` tinyint(4) DEFAULT '1',        -- password hashing algorithm id
   `pwhash_opslimit` int(11) DEFAULT NULL,      -- hashing cost parameters
   `pwhash_memlimit` int(11) DEFAULT NULL,
   `pwhash_salt` varchar(255) DEFAULT NULL,
   `sk_nonce` varchar(255) DEFAULT NULL,
   `locked_secretbox` text,                     -- secret key, encrypted with the password-derived key
   `user_id` int(11) DEFAULT NULL,              -- must point at the user in the authentication source
   PRIMARY KEY (`id`)
) ENGINE=InnoDB;

How can I make it work with SOGO? So far, at a first glance, there's a table named 'users' in SOGO db which contains usernames, passwords etc of SOGO users. However, it's not very clear how Dovecot is communicating with SOGO? Dovecot users = SOGO users? Or SOGO grabs Dovecot users and copies them into this 'users' table? Perhaps someone here can guide me on how it works and how to connect SOGO with Dovecot crypt plugins properly?

BR,
Paul
serveria.com
--
users@sogo.nu
https://inverse.ca/sogo/lists
