View Issue Details

IDProjectCategoryView StatusLast Update
0001832SOGoBackend Generalpublic2012-06-18 13:26
Reporterrelu_parfene Assigned Toludovic  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version1.3.16 
Target Version1.3.17Fixed in Version1.3.17 
Summary0001832: Broken password change in LDAP resulting no login to SOGo
Description

I updated to version 1.3.16 and everything went perfectly, except change
the password (I have users in LDAP). After changing the password from
the web interface I can not read emails, contacts and do not see any
events in calendars. After getting out of the web interface I can not
log in with new password nor with the old one. Apparently the password
is changed to something not related to password inserted by me.

TagsNo tags attached.

Activities

the_nic

the_nic

2012-06-09 03:45

reporter   ~0004034

Whats the userPasswordAlgorithm you are using?

relu_parfene

relu_parfene

2012-06-09 05:52

reporter   ~0004035

I updated again to version 1.3.16 and I did the tests again, this time more carefully. In my 1.3.15a configuration userPasswordAlgorithm was not configured, so passwords were stored in clear text. After upgrading to 1.3.16 LDAP passwords was saved in the form {none}clear_text_password. This has screwed up my authentication for Dovecot, which is authenticated on the same LDAP. Thus, the web interface started with a long timeout caused by mail module. However , I noticed that the contacts and calendars were functional. After I configured userPasswordAlgorithm to ssha or crypt I noticed that I could successfully change the password. I still have problems with some encryption algorithms and Dovecot but that's another story. So my new conclusion is that is not a bug, but a feature. Sorry for the confusion that I created.

the_nic

the_nic

2012-06-09 07:46

reporter   ~0004036

If you want to store the passwords in clear text just use "plain" as userPasswordAlgorithm.
As a side note, if the passwords are stored as {scheme}pass (as it is with 1.3.16), dovecot should be able to authenticate the users (as long as the scheme is known)

Hans de Groot

Hans de Groot

2012-06-11 04:28

reporter   ~0004039

Hi. I am trying the crypt-md5 and it's not working.
I copied my crypted password from /etc/shadow and looks something like this:

$1$Mqbq7yuR$t2CF7SCtiqcdLDpfT8.LI.

When using

    <key>userPasswordAlgorithm</key>
    <string>crypt</string>    

I can login and do every thing until I change the passsword. than it becomes a short crypt password.

This sort of feels like readonly crypt-md5 support.

Now version 1.3.16 is supposed to have real crypt-md5 support, but when I change my config to

    <key>userPasswordAlgorithm</key>
    <string>crypt-md5</string>    

Cannot login.

I tried with prependEncryptionScheme YES and NO

I of course use mysql authentication, not ldap.

Am I doing something wrong here? Or is it a bug?

the_nic

the_nic

2012-06-11 04:30

reporter   ~0004040

Try md5-crypt. This is a documentation mistake.

Hans de Groot

Hans de Groot

2012-06-11 05:29

reporter   ~0004041

Last edited: 2012-06-11 05:30

Thanks. That did the trick. now it is working :-) (login and password change)

ludovic

ludovic

2012-06-11 08:51

administrator   ~0004042

Re-opening the issue since it's a documentation mistake.

ludovic

ludovic

2012-06-18 13:26

administrator   ~0004070

Fixed.

Issue History

Date Modified Username Field Change
2012-06-09 02:05 relu_parfene New Issue
2012-06-09 03:45 the_nic Note Added: 0004034
2012-06-09 05:52 relu_parfene Note Added: 0004035
2012-06-09 07:46 the_nic Note Added: 0004036
2012-06-11 04:28 Hans de Groot Note Added: 0004039
2012-06-11 04:30 the_nic Note Added: 0004040
2012-06-11 05:29 Hans de Groot Note Added: 0004041
2012-06-11 05:30 Hans de Groot Note Edited: 0004041
2012-06-11 07:04 Christian Mack Status new => closed
2012-06-11 07:04 Christian Mack Resolution open => no change required
2012-06-11 08:51 ludovic Target Version => 1.3.17
2012-06-11 08:51 ludovic Note Added: 0004042
2012-06-11 08:52 ludovic Status closed => acknowledged
2012-06-18 13:26 ludovic Note Added: 0004070
2012-06-18 13:26 ludovic Status acknowledged => resolved
2012-06-18 13:26 ludovic Fixed in Version => 1.3.17
2012-06-18 13:26 ludovic Resolution no change required => fixed
2012-06-18 13:26 ludovic Assigned To => ludovic
2012-06-18 13:26 ludovic Status resolved => closed