[commits] [Wiki] changed: SQLAuthHowTo

Wiki Guest wikiguest at horde.org
Sat Apr 25 08:48:58 UTC 2015 

guest [186.220.30.250]  Sat, 25 Apr 2015 08:48:58 +0000

Modified page: http://wiki.horde.org/SQLAuthHowTo
New Revision:  30
Change log:  Add information for Horde/ViMbAdmin auth integration.

@@ -95,4 +95,33 @@
  }


  Amend the above to suit your setup. Don't forget to set MD5-CRYPT as  
password encryption in Horde as well. One advantage of doing things  
this way is that passwords can be changed and new users added through  
Horde - and they will apply to Dovecot as well.
+
+---------------------------------------------------
+''Comment from Deny Dias <deny at macpress dot com dot br>:  
Integrating Horde to ViMbAdmin''
+
+From http://www.vimbadmin.net/:
+
+"The ViMbAdmin project (vim-be-admin) provides a web based virtual  
mailbox administration system allowing mail administrators to manage  
domains, mailboxes and aliases."
+
+To integrate ViMbAdmin as an authentication backend to Horde, you can  
follow this quite simple steps. Pay attention that this method DO NOT  
take into account multiple virtual domains. It also do not provides  
the functions to UPDATE and DELETE users at ViMbAdmin database as this  
may extend vulnerability surface. Just count on ViMbAdmin for the  
regular user management (CRUD).
+
+1. In your database, grant to the {{horde}} user just the minimal set  
of required permissions at ViMbAdmin {{mailbox}} table:
+
+{{GRANT SELECT (`username`, `password`, `active`) ON  
`vimbadmin`.`mailbox` TO 'horde'@'localhost';
+FLUSH PRIVILIGES;}}
+
+2. Configure basic database access as shown above, but use the  
{{horde}} user credentials and prefer unix socket to database  
connection.
+
+3. Add these queries to Horde configuration:
+
+query_auth: {{SELECT username, password FROM mailbox WHERE username =  
\L AND password = \P AND active = 1}}
+query_getpw: {{SELECT password FROM mailbox WHERE username = \L AND  
active = 1}}
+query_list: {{SELECT username FROM mailbox WHERE active = 1}}
+query_exists: {{SELECT 1 FROM mailbox WHERE username = \L AND active = 1}}
+
+4. Leave {{query_add}}, {{query_update}}, {{query_resetpassword}} and  
{{query_remove}} blank.
+
+5. Set {{[auth][params][encryption]}} to the algorithm that fit your needs.
+
+Generate the new configuration file and you're done.

More information about the commits mailing list