[horde] Getting horde to authenticate against dovecot DB

Sat Aug 17 14:45:55 UTC 2019

Quoting Michael J Rubinsky <mrubinsk at horde.org>:

> Quoting Coy Hile <coy.hile at coyhile.com>:
>
>> Hi all,
>>
>> I'm currently trying to get Horde to authenticate against my  
>> Dovecot virtual user database, as I want the ActiveSync  
>> functionality that is missing from other solutions. However, I'm  
>> having a hard time getting the passwords in a form that both Horde  
>> and Dovecot understand.
>>
>> In the dovecot DB, I have:
>>
>>   username    |  domain  |                                           
>>                password
>> ---------------+----------+--------------------------------------------------------------------------------------------------------------------------
>> user at test.com | test.com |  
>> {SHA512-CRYPT}$6$8CK0YWwoEjEvhEwf$58UUMSvPL8fE1p50bfTjHqivp3iwmfk/2sbv9igUT0FhwRc548UaKDWBYCvgrOyDfT81u9dLEJ7ulHLFbvbSq/
>>
>>
>> conf.php contains (in relevant part):
>>
>> $conf['auth']['params']['query_auth'] = 'SELECT * FROM users WHERE  
>> username=\L AND password=\P';
>> $conf['auth']['params']['encryption'] = 'crypt-sha512';
>> $conf['auth']['params']['show_encryption'] = false;
>> $conf['auth']['driver'] = 'customsql';

Oh, and one more thing I noticed: You have show_encryption as false,  
but your password string looks like it DOES contain the encryption type.

>>
>> In syslog, one sees:
>>
>> Aug 16 21:39:23 8616546e-fcab-e37b-a25a-c746648411f7 HORDE: [horde]  
>> SQL  (0.0014s)  #012#011SELECT * FROM users WHERE  
>> username='user at test.com' AND#012#011   
>> password='$6$jCCF2GRqLkldtA6u$NMZosKqif68Ro0HjRTGy7Y/tqUuGEMYq.oZ5OqcX#012#011  NAC3PW7jMhsL.ZzdE67vjw6Bx6gIgoQh.d.3syBdYUC4j0' [pid 2321 on line 241 of  
>> "/usr/share/php/Horde/Db/Adapter/Pdo/Base.php"]
>> Aug 16 21:39:23 8616546e-fcab-e37b-a25a-c746648411f7 HORDE: [horde]  
>> FAILED LOGIN for user at test.com to horde (10.100.9.20) [pid 2321 on  
>> line 198 of "/usr/share/horde/login.php"]
>>
>> So, that brings up some questions:
>> (1) Is the data in the log actually correct? Why are there what  
>> appear to be "#012#011  " in the middle of the query?
>> (2) Am I completely taking the wrong approach here? Is there a  
>> better way to get these two things to play nice, or do I have to  
>> finesse something in the SQL queries to make this work?
>>
>> I'll probably only use this as a front end to activesync, which  
>> will talk to the same Dovecot instance eventually.
>
>
> You are probably missing the 'query_getpw' query. You need a query  
> that will load the password first, in order to get the salt before  
> we can verify the user provided password. Something like
>
> 'SELECT password FROM you_table WHERE username = \L'
>
> See towards the end of the following post for more info:
>
>
> https://theupstairsroom.com/116
>
>
>
>> Thanks,
>> -c
>>
>> -- 
>> Coy Hile
>> coy.hile at coyhile.com
>> -- 
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
>
> -- 
> mike
> The Horde Project
> http://www.horde.org
> https://www.facebook.com/hordeproject
> https://www.twitter.com/hordeproject

-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 9272 bytes
Desc: PGP Public Key
URL: <https://lists.horde.org/archives/horde/attachments/20190817/03de5b90/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 821 bytes
Desc: PGP Digital Signature
URL: <https://lists.horde.org/archives/horde/attachments/20190817/03de5b90/attachment-0003.bin>