Alexandros G. Fragkiadakis wrote:
> Tomas Kuliavas wrote:
>>>>>> Hi,
>>>>>>
>>>>>> There is a weird problem with change password and squirrelmail 1.5.1.
>>>>>> All passwords are stored in LDAP and they are sha-encoded.
>>>>>>
>>>>>> For example: {SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=
>>>>>>
>>>>>> The problem is that when some of the users are trying to change their
>>>>>> password, SM says: "Your old password is not correct".
>>>>>>
>>>>>> But, definitely the password is correct! I've tried to change it using
>>>>>> Horde and there are no problems at all.
>>>>>>
>>>>>> Another strange thing is that SM has no problem with other users'
>>>>>> passwords that are also sha-encoded.
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>> Why are you using change_ldappass plugin, when SquirrelMail 1.5.1
>>>>> provides change_password plugin?
>>>>>
>>>>> Are you using $ldap_bind_as_manager option in change_ldappass plugin?
>>>>> Could you show sha password entry that is not validated correctly? I
>>>>> also need to know password value used for verification. Plain text
>>>>> value of sha encoded password.
>>>>>
>>>> I'm not using the $ldap_bind_as_manager option.
>>>>
>>>> A password value that cannot be verified is: 1234
>>>> Its sha value is: {SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=
>>>>
>>>> Thanks
>>>>
>>> I suspect the problem is in functions.php. There is the following line:
>>>
>>> if ($lpass != $cpass) {
>>>
>>> For some reason this fails although the password is correct.
>>
>> You are not using $ldap_bind_as_manager option. Plugin does not compare
>> passwords. It only locates user's dn and binds to ldap with provided
>> password. Password is verified on ldap server. If ldap_bind fails,
>> password is not correct.
>>
>> There are two places with "Your old password is not correct." message in
>> change_ldappass plugin. If you are not using $ldap_bind_as_manager, you
>> see message generated by ldap_bind call test in
>> plugins/change_ldappass/functions.php 183 line. Enable $debug and check if
>> second "BIND-DN: something" line matches user's dn. If it matches, remove
>> @ symbol in line 183 and check errors generated in ldap_bind() call.
>>
>> 'if ($lpass != $cpass)' test should not fail. Text generated in
>> "base64_encode( pack("H*",sha1('1234')));" call matches your sha password
>> hash.
>>
>>> If you think the change_password is better then I'll try to use it.
>>
>> change_password plugin is bundled with SquirrelMail. It shows same
>> password form to all users and it does not matter which password backend
>> is used. If I could choose, I would prefer change_password over
>> change_ldappass.
>>
> Debugging shows:
>
> Connecting to LDAP Server
> LDAP protocol version was set to 3
> LDAP bind successful.
> LDAP server: myserver
> BIND-DN: anonymous
>
> --------------------------------------------------------
>
> count =>1
> 0 =>
> count =>0
> dn =>uid=myuser, ou=myou, ou=myou, dc=mydc,dc=mydc
>
> --------------------------------------------------------
>
> LDAP bind successful.
> BIND-DN: uid=myuser, ou=myou, ou=myou, dc=mydc,dc=mydc
>
> --------------------------------------------------------
>
> count =>1
> 0 =>
> userpassword =>
> count =>1
> 0 =>{SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=
> 0 =>userpassword
> uid =>
> count =>1
> 0 =>myuser
> 1 =>uid
> count =>2
> dn =>uid=myuser, ou=myou, ou=myou, dc=mydc,dc=mydc
>
> --------------------------------------------------------
>
> Password type is {SHA}
> Your old password is not correct.
> Stored Password: cRDtpNCeBiql5KOQsKVyrA0sAiA=
> Old Password: cRDtpNCeBiql5KOQsKVyrA0sAiA=
>
>
> If I remove @ from line 183, I get the same output.
> I'll try to use change_password and see what happens.
>
> Thanks
>

The change_password plugin works fine, but does it sync the samba passwords too?
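The {SHA} check discussed in this thread, as an added example that is not part of the original messages and is not code from change_ldappass or SquirrelMail: a stand-alone PHP function that tests a cleartext password against an LDAP userPassword value. The function name `ldap_password_matches` and the {SSHA} sample, built here with a constructed salt, are assumptions for illustration; {SSHA} handling goes beyond the {SHA} case in the thread.

```php
<?php
// Added example: verify a cleartext password against an LDAP
// userPassword value stored with the {SHA} or {SSHA} scheme.
// ldap_password_matches() is a hypothetical helper, not plugin code.

function ldap_password_matches(string $clear, string $stored): bool
{
    // Split "{SCHEME}base64data" into scheme name and payload.
    if (!preg_match('/^\{([A-Za-z0-9]+)\}(.+)$/', $stored, $m)) {
        return false; // no scheme prefix: not handled here
    }
    $scheme = strtoupper($m[1]);
    $raw = base64_decode($m[2], true); // strict mode rejects bad input
    if ($raw === false) {
        return false;
    }

    switch ($scheme) {
        case 'SHA':
            // Payload is the raw 20-byte SHA-1 digest, unsalted.
            // Equivalent to the thread's pack("H*", sha1($clear)).
            return hash_equals($raw, sha1($clear, true));
        case 'SSHA':
            // Payload is SHA-1(password . salt) followed by the salt.
            if (strlen($raw) <= 20) {
                return false; // digest without salt is malformed
            }
            $digest = substr($raw, 0, 20);
            $salt = substr($raw, 20);
            return hash_equals($digest, sha1($clear . $salt, true));
        default:
            return false; // other schemes are out of scope
    }
}

// Values quoted in the thread.
$stored = '{SHA}cRDtpNCeBiql5KOQsKVyrA0sAiA=';
var_dump(ldap_password_matches('1234', $stored));
var_dump(ldap_password_matches('12345', $stored));

// Constructed {SSHA} value; the salt is made up for this example.
$salt = 'constructed-salt';
$ssha = '{SSHA}' . base64_encode(sha1('1234' . $salt, true) . $salt);
var_dump(ldap_password_matches('1234', $ssha));
```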