>>>> Hi,
>>>>
>>>> There is a weird problem with change password and squirrelmail 1.5.1.
>>>> All passwords are stored in LDAP and they are sha-encoded.
>>>>
>>>> For example:{SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=
>>>>
>>>> The problem is that when some of the users are trying to change their
>>>> password, SM says: "Your old password is not correct".
>>>>
>>>> But, definately the password is correct! I've tried to change it using
>>>> Horde and there are no problems at all.
>>>>
>>>>
>>>> Another strange thing is that SM has no problem with other users'
>>>> passwords that are also sha-encoded.
>>>>
>>>> Any ideas?
>>>>
>>> Why are you using change_ldappass plugin, when SquirrelMail 1.5.1
>>> provides
>>> change_password plugin?
>>>
>>> Are you using $ldap_bind_as_manager option in change_ldappass plugin?
>>> Could
>>> you show sha password entry that is not validated correctly? I also
>>> need to
>>> know password value used for verification. Plain text value of sha
>>> encoded
>>> password.
>>>
>>
>> I'm not using the $ldap_bind_as_manager option.
>>
>> A password value that cannot be verified is: 1234
>> Its sha value is: {SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=
>>
>> Thanks
>>
> I suspect the problem is in functions.php. There is the following line:
>
> if ($lpass != $cpass) {
>
>
> For some reason this fails although the password is correct.
You are not using $ldap_bind_as_manager option. Plugin does not compare
passwords. It only locates user's dn and binds to ldap with provided
password. Password is verified on ldap server. If ldap_bind fails,
password is not correct.
There are two places with "Your old password is not correct." message in
change_ldappass plugin. If you are not using $ldap_bind_as_manager, you
see message generated by ldap_bind call test in
plugins/change_ldappass/functions.php 183 line. Enable $debug and check if
second "BIND-DN: something" line matches user's dn. If it matches, remove
@ symbol in line 183 and check errors generated in ldap_bind() call.
'if ($lpass != $cpass)' test should not fail. Text generated in
"base64_encode( pack("H*",sha1('1234')));" call matches your sha password
hash.
> I you think the change_password is better then i'll try to use it.
change_password plugin is bundled with SquirrelMail. It shows same
password form to all users and it does not matter which password backend
is used. If I could choose, I would prefer change_password over
change_ldappass.
--
Tomas
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
