Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th December 2010, 19:25
huey23 huey23 is offline
Junior Member
 
Join Date: May 2010
Posts: 17
Thanks: 1
Thanked 1 Time in 1 Post
Default Virtual Users And Domains With Postfix, And Roundcube?

Hello all,

I recently followed this tutorial:
http://www.howtoforge.com/virtual-us...l-ubuntu-10.04

I noticed it said Squirrelmail but I was wondering if there was a way to use Roundcube instead? If I install Roundcube will I need to do anything special to query for usernames and passwords in the MySQL db?

Any help is appreciated...
Reply With Quote
Sponsored Links
  #2  
Old 11th December 2010, 12:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,726 Times in 2,565 Posts
Default

Basically it should be no problem to use Roundcube, but I don't know if it can be configured to also change passwords.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 13th December 2011, 01:58
klonos klonos is offline
Member
 
Join Date: Apr 2007
Posts: 78
Thanks: 5
Thanked 3 Times in 3 Posts
 
Default

I never had any problem setting roundcube up for the virtual users mail server. Its config is pretty straight-forward. The only thing I cannot figure out is how to enable password change.

The core tarball of roundcube includes a 'password' plugin that once enabled provides a "Password" tab in each user account's settings page. Here's an excerpt of its readme file:

Code:
2. Drivers
 ----------

 Password plugin supports many password change mechanisms which are
 handled by included drivers. Just pass driver name in 'password_driver' option.


 2.1. Database (sql)
 -------------------

 You can specify which database to connect by 'password_db_dsn' option and
 what SQL query to execute by 'password_query'. See main.inc.php.dist file for
 more info.

 Example implementations of an update_passwd function:

 - This is for use with LMS (http://lms.org.pl) database and postgres:

	CREATE OR REPLACE FUNCTION update_passwd(hash text, account text) RETURNS integer AS $$
	DECLARE
    	    res integer;
	BEGIN
    	    UPDATE passwd SET password = hash
	    WHERE login = split_part(account, '@', 1)
		AND domainid = (SELECT id FROM domains WHERE name = split_part(account, '@', 2))
	    RETURNING id INTO res;
	    RETURN res;
	END;
	$$ LANGUAGE plpgsql SECURITY DEFINER;

 - This is for use with a SELECT update_passwd(%o,%c,%u) query
	Updates the password only when the old password matches the MD5 password
	in the database

	CREATE FUNCTION update_password (oldpass text, cryptpass text, user text) RETURNS text
    	    MODIFIES SQL DATA
	BEGIN
	    DECLARE currentsalt varchar(20);
	    DECLARE error text;
	    SET error = 'incorrect current password';
	    SELECT substring_index(substr(user.password,4),_latin1'$',1) INTO currentsalt FROM users WHERE username=user;
	    SELECT '' INTO error FROM users WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
	    UPDATE users SET password=cryptpass WHERE username=user AND password=ENCRYPT(oldpass,currentsalt);
	    RETURN error;
	END

 Example SQL UPDATEs:

 - Plain text passwords:
    UPDATE users SET password=%p WHERE username=%u AND password=%o AND domain=%h LIMIT 1

 - Crypt text passwords:
    UPDATE users SET password=%c WHERE username=%u LIMIT 1

 - Use a MYSQL crypt function (*nix only) with random 8 character salt
    UPDATE users SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1

 - MD5 stored passwords:
    UPDATE users SET password=MD5(%p) WHERE username=%u AND password=MD5(%o) LIMIT 1
Any pointers of what the right SQL query would be???

These are the corresponding settings in my config:

Code:
// Password Plugin options
// -----------------------
// A driver to use for password change. Default: "sql".
// See README file for list of supported driver names.
$rcmail_config['password_driver'] = 'sql';
Code:
// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
$rcmail_config['password_db_dsn'] = '';
Code:
// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//      %p is replaced with the plaintext new password
//      %c is replaced with the crypt version of the new password, MD5 if available
//         otherwise DES.
//      %D is replaced with the dovecotpw-crypted version of the new password
//      %o is replaced with the password before the change
//      %n is replaced with the hashed version of the new password
//      %q is replaced with the hashed password before the change
//      %h is replaced with the imap host (from the session info)
//      %u is replaced with the username (from the session info)
//      %l is replaced with the local part of the username
//         (in case the username is an email address)
//      %d is replaced with the domain part of the username
//         (in case the username is an email address)
// Escaping of macros is handled by this module.
// Default: "SELECT update_passwd(%c, %u)"
$rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';
PS: ...there's also an API so one can code their own password driver:

Code:
3. Driver API
 -------------

 Driver file (<driver_name>.php) must define 'password_save' function with
 two arguments. First - current password, second - new password. Function
 should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
 PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
 Extended result (as a hash-array with 'message' and 'code' items) can be returned
 too. See existing drivers in drivers/ directory for examples.
__________________
You can support Howtoforge and all the people behind it too. Consider becoming a supporter. It only costs a few and has to offer so much more than it already does. Take a look here

Last edited by klonos; 13th December 2011 at 02:04. Reason: ...what I've done so far.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail -Ubuntu 8.04 zuluh Server Operation 4 15th October 2008 14:41
[need advice] Postfix/Dovecot (Virtual domains, users) with horde groupware webmail? MAO Installation/Configuration 4 26th August 2008 09:26
[need advice] Postfix/Dovecot (Virtual domains, users) with horde groupware webmail? MAO Server Operation 1 25th August 2008 08:48
Problem With DNS (bind) and Login (RoundCube) use Virtual Users And Domains MAO HOWTO-Related Questions 1 25th April 2008 16:18
Virtual Users And Domains With Postfix, Courier And MySQL (Ubuntu 7.10) ShadyB HOWTO-Related Questions 1 1st April 2008 18:00


All times are GMT +2. The time now is 11:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.