Horde 5.1 backends

Discussion in 'ISPConfig 3 Priority Support' started by sjswarts, Jul 23, 2013.

  1. sjswarts

    sjswarts New Member

    G'day guys,

    Just wanted to know if this will work, I don't want to try because it might break my system.

    Basically I'm using Horde 5 Webmail and I want to utilize the passwd package so that users can change their ISPConfig passwords inside the WebGUI

    So far I have gleaned this from previous tutorials (If anyone wants to make a new tutorial - Till? Falko?)

    $backends['sql'] = array (
      'disabled' => false,
      'name' => 'SQL Server',
      'preferred' => '',
      'policy' => array(
        'minLength' => 7,
        'maxLength' => 64,
        'maxSpace' => 0,
        'minNumeric' => 1,
      'driver' => 'Sql',
      'params' => array(
        'phptype' => 'mysql',
        'hostspec' => 'localhost',
        'username' => 'root',
        'password' => '***',
        'encryption' => 'crypt-md5',
        'database' => 'ISPCONFIG_DATABASE',
        'table' => 'mail_user',
        'user_col' => 'email',
        'pass_col' => 'password',
        'show_encryption' => false
        // The following two settings allow you to specify custom queries for
        // lookup and modify functions if special functions need to be
        // performed. In places where a username or a password needs to be
        // used, refer to this placeholder reference:
        // %d -> gets substituted with the domain
        // %u -> gets substituted with the user
        // %U -> gets substituted with the user without a domain part
        // %p -> gets substituted with the plaintext password
        // %e -> gets substituted with the encrypted password
        // 'query_lookup' => 'SELECT user_pass FROM horde_users WHERE user_uid = %u',
       // 'query_modify' => 'UPDATE horde_users SET user_pass = %e WHERE user_uid = %u',
    Will this still work? Is the encryption method still right?
  2. sjswarts

    sjswarts New Member

    Another backend issue is with authentication using IMP

    This is my /imp/config/backends.local.php excerpt:

    // IMAP server
    $servers['imap'] = array(
        // ENABLED by default; will connect to IMAP port on local server
        'disabled' => false,
        'name' => 'ISPConfig Server',
        'hostspec' => 'localhost',
        'hordeauth' => full,
        'protocol' => 'imap',
        'port' => 993,
        // Plaintext logins are disabled by default on IMAP servers (see RFC 3501
        // [6.2.3]), so TLS is the only guaranteed authentication available by
        // default.
        'secure' => 'tls',
    However it comes up with "Login Failed"???

    Any idea guys
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am sorry, I'am not familar enough with horde to help you with this issue.


    Try to not use tls. If horde is installed on the same server that runs the imap daemon and communicates trough localhost, then you dont need any encryption.
  4. sjswarts

    sjswarts New Member

    I've tried:

    port 143 - tls
    port 143 - no security
    port 993 - ssl

    I know that these user accounts have access because I can use the following command to prove that:

    openssl s_client -connect mail.example.com:143 -starttls imap

    Obviously changing the port to suit.

    hmmm, seems odd.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the default webmail client which is installed as part of the perfect setup guides for ispconfig (squirrelmail) work?
  6. sjswarts

    sjswarts New Member


    Ok I figured it out.

    The issue was that I didn't understand Horde properly - now I understand it a little more.

    Horde has under Administration/Horde/Permissions an option to enable or disable (default). Well reading up on Active Sync controls and security I enabled it but as a result the whole permission system for Horde turns on.

    Long story short IMP was correctly authenticating via IMAP on port 143 TLS but the user wasn't authorized in Hordes Permission system. As a result the user wasn't authenticated. In essence I guess it had 2 Authentication mechanisms.

Share This Page