Forums

Resolved
0 votes
Hi,

I installed Roundcube webmail by Hand (Just because I like the newer Version better;) and now I am having
trouble getting the password plugin running.
The Error I get is: Invalid Credentials
I tried it with the ldap_simple plugin.

Does anyone know how to do the. Or a least helping me in finding a How to. I couldn't find anythin related to clearos+roundcube+passwdplugin+ldap.

Is it even possible? I not I could help myself by opening Webconfig to the Internet. But I would do that only if I am able to restrict access to normal users.

Thanks for any Help


// config.inc.php
// The Lines i've changed:

$config['password_driver'] = 'ldap_simple';
$config['password_ldap_host'] = '127.0.0.1';
$config['password_ldap_port'] = '389';
$config['password_ldap_starttls'] = false;
$config['password_ldap_version'] = '3';
$config['password_ldap_basedn'] = 'dc=mail,dc=example,dc=ch';
$config['password_ldap_method'] = 'admin';
$config['password_ldap_adminDN'] = 'cn=accounts,ou=Internal,dc=mail,dc=example,dc=ch';
$config['password_ldap_adminPW'] = 'xxxxxx';
$config['password_ldap_searchDN'] = 'ou=Users,ou=Accounts,dc=mail,dc=example,dc=ch';
$config['password_ldap_searchPW'] = 'xxxxxxxxxxxxxxxx';
$config['password_ldap_search_base'] = 'ou=Users,ou=Accounts,dc=mail,dc=example,dc=ch';
$config['password_ldap_search_filter'] = '(uid=%login)';
$config['password_ldap_encodage'] = 'clear';
$config['password_ldap_pwattr'] = 'userPassword';
$config['password_ldap_force_replace'] = true;
$config['password_ldap_lchattr'] = '';
$config['password_ldap_samba_pwattr'] = '';


                                                                        
// LDAP Server settings
// Mode: Standalone
// BaseDomain: mail.example.ch
//
// Publish Policy: Not Published
// Accounts Access: Anonymous
// (tried also with Password Access)
//
// Directory Information
// Mode: Standalone
// Base DN: dc=mail,dc=example,dc=ch
// Bind DN: cn=manager,ou=Internal,dc=mail,dc=example,dc=ch
// Bind Password: xxxxxxxxxxxxxxxx
//
// AccountsDN: cn=accounts,ou=Internal,dc=mail,dc=example,dc=ch
//
// Users: ou=Users,ou=Accounts,dc=mail,dc=example,dc=ch
// Groups: ou=Groups,ou=Accounts,dc=mail,dc=example,dc=ch
// Computers: ou=Computers,ou=Accounts,dc=mail,dc=example,dc=ch
//
Tuesday, June 08 2021, 03:21 PM
Share this post:
Responses (6)
  • Accepted Answer

    Thursday, June 10 2021, 09:09 AM - #Permalink
    Resolved
    0 votes
    I just installed it and tried the password plugin. It doesn't work either. Couldn't save Password. I didn't debug that, because
    I wanted the newer roundcube version anyway ;)
    Maybe there is an other reason why it didn't work. Don't know and don't care. I am happy now and Roundcube should
    get it's money. So: all OK :)
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 09 2021, 01:58 PM - #Permalink
    Resolved
    0 votes
    In the purchased app it does not use LDAP at all.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 09 2021, 01:42 PM - #Permalink
    Resolved
    0 votes
    Solved :)))

    A tried to change the password on the console:

    ldappasswd -H ldap://127.0.0.1 -D cn=manager,ou=Internal,dc=mail,dc=example,dc=ch \
    -w xxxxxxxxxxxxxxxx -v -a welcome -s welcome2 \
    'cn=Test User,ou=Users,ou=Accounts,dc=mail,dc=example,dc=ch'
    ldap_initialize( ldap://127.0.0.1:389/??base )
    Result: Success (0)


    From here I was able to find the correct settings for the password plugin

    $config['password_driver'] = 'ldap_simple';
    $config['password_ldap_host'] = 'ldap://127.0.0.1';
    $config['password_ldap_port'] = '389';
    $config['password_ldap_starttls'] = false;
    $config['password_ldap_version'] = '3';
    $config['password_ldap_basedn'] = 'dc=mail,dc=example,dc=ch';
    $config['password_ldap_method'] = 'user';
    $config['password_ldap_adminDN'] = null;
    $config['password_ldap_adminPW'] = null;
    //$config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';
    $config['password_ldap_searchDN'] = 'cn=manager,ou=Internal,dc=mail,dc=example,dc=ch';
    $config['password_ldap_searchPW'] = 'xxxxxxxxxxxxxxxx';
    $config['password_ldap_search_base'] = 'ou=Users,ou=Accounts,dc=mail,dc=example,dc=ch';
    $config['password_ldap_search_filter'] = '(uid=%name)';
    $config['password_ldap_encodage'] = 'crypt';
    $config['password_ldap_pwattr'] = 'userPassword';
    $config['password_ldap_force_replace'] = true;
    $config['password_ldap_lchattr'] = '';
    $config['password_ldap_samba_pwattr'] = '';
    $config['password_ldap_samba_lchattr'] = '';


    Success!!

    I don't speak ldap. So this was a lot of try and error :|

    Something I noticed:
    When I change the password with ldappasswd, passwd or roudcube, the user can't change his Password any longer
    from Webconfig. He can login, but cannot change his password.
    It seems the different methods produce different hashes:
    welcome becomes:
    ldappasswd
    e1NTSEF9NXJYd0FrYmlxYThFYUc4MWo2aEZXa3l4VzY5enMzU2E=
    passwd
    e1NTSEF9VlZKT2lDWnpUbStCeDlTWXFqcjI5Rzh2bTZxOUdpL0w=
    roundcube
    e0NSWVBUfSQxJG9XZGpBRTBPJGZTay5qc0xlaFZPOVVhTHJ6RTA5VzE=
    webconfig
    e3NoYX13TEUzL2kxNUpGbnliL2Rqek9SRmRLVzFxd009

    This is completely out of my depth. But as long as everything seems to work....

    Btw:
    No I am not just trying to save some bucks ;) I just like the newer roundcube better. And I have bought the app: Same Problem :)))

    Thanks a lot for your Help
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 09 2021, 10:42 AM - #Permalink
    Resolved
    0 votes
    Try removing the password driver entirely.

    Are you just trying to avoid paying the small charge for the app? Try googling "roundcube centos 7" for howtos.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, June 09 2021, 10:17 AM - #Permalink
    Resolved
    0 votes
    I did try the packaged version. The password plugin is set to 'sql' and it doesn't work either. I probably would
    have to set some extra parameters. And so I am in need for a "How to" again ;)

    I could live with the user changing his password with webconfig. But I want to restrict the access to
    webconfig to normal users an deny root access over the Internet. Is there a way to do that?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, June 08 2021, 04:53 PM - #Permalink
    Resolved
    0 votes
    When I first set up Roundcube, before the ClearOS version was packaged, I did not use any LDAP configs. I think Roundcube then just passes on your credentials to cyrus-imapd. The ClearOS packaged version does not seem to use LDAP either.
    Like
    1
    The reply is currently minimized Show
Your Reply