SOGoUserSources is generated by a script, bootstrap-sogo.sh, on the fly
during the container startup process:
while read -r line gal
  do
  echo "        <key>${line}</key>
        <dict>
            <key>SOGoMailDomain</key>
            <string>${line}</string>
            <key>SOGoUserSources</key>
            <array>
                <dict>
                    <key>MailFieldNames</key>
                    <array>
                        <string>aliases</string>
                        <string>ad_aliases</string>
                        <string>ext_acl</string>
                    </array>
                    <key>KindFieldName</key>
                    <string>kind</string>
                    <key>DomainFieldName</key>
                    <string>domain</string>
                    <key>MultipleBookingsFieldName</key>
                    <string>multiple_bookings</string>
                    <key>listRequiresDot</key>
                    <string>NO</string>
                    <key>canAuthenticate</key>
                    <string>YES</string>
                    <key>displayName</key>
                    <string>GAL ${line}</string>
                    <key>id</key>
                    <string>${line}</string>
                    <key>isAddressBook</key>
                    <string>${gal}</string>
                    <key>type</key>
                    <string>sql</string>
                    <key>userPasswordAlgorithm</key>
                    <string>${MAILCOW_PASS_SCHEME}</string>
                    <key>prependPasswordScheme</key>
                    <string>YES</string>
                    <key>viewURL</key>
                    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/_sogo_static_view</string>
                </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist

The result is the following:
 <dict>
        <key>XX.XX</key>
        <dict>
            <key>SOGoMailDomain</key>
            <string>xx.xx</string>
            <key>SOGoUserSources</key>
            <array>
                <dict>
                    <key>MailFieldNames</key>
                    <array>
                        <string>aliases</string>
                        <string>ad_aliases</string>
                        <string>ext_acl</string>
                    </array>
                    <key>KindFieldName</key>
                    <string>kind</string>
                    <key>DomainFieldName</key>
                    <string>domain</string>
                    <key>MultipleBookingsFieldName</key>
                    <string>multiple_bookings</string>
                    <key>listRequiresDot</key>
                    <string>NO</string>
                    <key>canAuthenticate</key>
                    <string>YES</string>
                    <key>displayName</key>
                    <string>GAL xx.xx</string>
                    <key>id</key>
                    <string>xx.xx</string>
                    <key>isAddressBook</key>
                    <string>YES</string>
                    <key>type</key>
                    <string>sql</string>
                    <key>userPasswordAlgorithm</key>
                    <string>md5</string>
                    <key>prependPasswordScheme</key>
                    <string>YES</string>
                    <key>viewURL</key>
                    <string>mysql://mailcow:XXXX@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/mailcow/_sogo_static_view</string>
                </dict>

As I wrote earlier, queries to the database pass, and users from the
_sogo_static_view table with {BLF-CRYPT} work successfully.

   >> Wait, there is some confusion: you don’t use ldap but a database
for the user?

You are right, now I did just that - I launched ldap and took users
from there, adding to sogo.conf ldap section:

SOGoUserSources = (
    {
        type = ldap;
.....

and now all users work.












Tue, 12 Dec 2023 at 14:50, qhivert <users@sogo.nu>:

> Wait, there is some confusion: you don’t use ldap but a database for the user?
> What is your SOGoUserSources?
>
> You should have something like this:
> SOGoUserSources =
> (
>   {
>     type = sql;
>     id = directory;
>     viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
>     canAuthenticate = YES;
>     isAddressBook = YES;
>     userPasswordAlgorithm = md5;
>   }
> );
>
>
>
> Quentin
>
> *From:* users-requ...@sogo.nu <users-requ...@sogo.nu> *On Behalf Of *????????
> ????????
> *Sent:* Tuesday, 12 December 2023 10:25
> *To:* users@sogo.nu
> *Subject:* Re: [SOGo] Authentication using ldap-md5 password fails
>
>
>
> Sorry, but rollback is not possible.
>
>
>
> I needed to move the mailer to another server. A backup was made on the
> old server, on the new server I launched mailcow, then deployed the backup
> using the backup_and_restore.sh script (supplied with mailcow).
>
> All containers started successfully, imap / smtp are working for all users.
>
> Sogo also worked, but I tested it on a user with {BLF-CRYPT} password.
>
> A couple of days later, a person contacted me who could not enter sogo. I
> started looking into it and realized that only users with an md5 hash
> cannot log in.
>
>
>
> SOGO current version: 5.9.0
>
> Old ver - I think Sogo 5.8.0, I can't look anymore, old server is down.
>
>
>
> Tue, 12 Dec 2023 at 13:30, qhivert <users@sogo.nu>:
>
> Hello, you’ve updated from what sogo version to what? If you rollback your
> mailcow does it work again?
>
> Quentin
>
>
>
> *From:* users-requ...@sogo.nu <users-requ...@sogo.nu> *On Behalf Of *????????
> ????????
> *Sent:* Tuesday, 12 December 2023 07:22
> *To:* users@sogo.nu
> *Subject:* [SOGo] Authentication using ldap-md5 password fails
>
>
>
> Good afternoon
>
>   I use a mailcow: dockerized mail server with an integrated container
> SOGO. After the update, sogo stopped allowing users whose password hash was
> generated using the {MD5} algorithm. Users whose password is generated by
> {BLF-CRYPT} are authenticated normally. I turned on the logs, in the logs I
> can see access to the database and retrieval of the password hash, but the
> password is not accepted.
>
>
>
> Dec 12 10:26:01 260deb884b40 2023-12-12 10:26:01.627 sogod[69:69]
> <MySQL4Channel[0x0x5562e2feb2e0] connection=0x0x5562e2b3b230> SQL: SELECT
> c_password FROM _sogo_static_view WHERE c_uid = 'pp_pet...@xx.xx';
> Dec 12 10:26:01 260deb884b40 2023-12-12 10:26:01.627 sogod[69:69]
> <MySQL4Channel[0x0x5562e2feb2e0] connection=0x0x5562e2b3b230>   query has
> results, entering fetch-mode.
>
> ...
>
>  SOGoRootPage Login from 'MY.IP.AD.DR' for user 'pp_pet...@xx.xx' might
> not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
>
>
>
> "c_password" field on  _sogo_static_view contains hash like:
>
>  {MD5}ZVN1hovmmV34NCxjRKIDVw==
>
> Base64 encoded MD5 hash
>
>
>
> userPasswordAlg setting:
>
> <key>userPasswordAlgoritm</key>
>
> <string>ldap-md5</string>
>
> I also tried md5
>
>
>
> What could be the problem? Please help me fix it
>
>
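
Added example, not part of the original thread and not SOGo or mailcow code: a small Python audit of `c_password` values in the `{SCHEME}payload` form shown above. It reports whether each `{MD5}` digest is base64 or hex encoded and which accounts still need a rehash away from unsalted MD5. The function names and sample rows are constructed for illustration, and it assumes the digest is a plain MD5 of the UTF-8 password.

```python
import base64, binascii, hashlib, hmac, re

PREFIX = re.compile(r"^\{([A-Za-z0-9.-]+)\}(.+)$")

def parse_stored(value):
    """Split '{SCHEME}payload' into (SCHEME, payload); scheme is None without a prefix."""
    m = PREFIX.match(value.strip())
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def md5_payload(payload):
    """Return (encoding, 16-byte digest) for a hex or base64 MD5 payload, else (None, None)."""
    if re.fullmatch(r"[0-9a-fA-F]{32}", payload):
        return "hex", bytes.fromhex(payload)
    try:
        raw = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError):
        return None, None
    return ("base64", raw) if len(raw) == 16 else (None, None)

def verify_md5(stored, candidate):
    """Constant-time check of a candidate password against a {MD5} value."""
    scheme, payload = parse_stored(stored)
    _, digest = md5_payload(payload) if scheme == "MD5" else (None, None)
    if digest is None:
        return False
    return hmac.compare_digest(digest, hashlib.md5(candidate.encode("utf-8")).digest())

def audit(rows):
    """Map each uid to (scheme, digest encoding, needs_rehash) for migration planning."""
    report = {}
    for uid, stored in rows:
        scheme, payload = parse_stored(stored)
        enc = md5_payload(payload)[0] if scheme == "MD5" else None
        malformed = scheme is None or (scheme == "MD5" and enc is None)
        # Unsalted MD5 and unparseable values both need attention.
        report[uid] = (scheme, enc, malformed or scheme == "MD5")
    return report

# Constructed sample rows (uid, c_password); not taken from any real system.
_d = hashlib.md5(b"constructed-pass").digest()
SAMPLE_ROWS = [
    ("alice@example.test", "{MD5}" + base64.b64encode(_d).decode()),
    ("bob@example.test", "{MD5}" + _d.hex()),
    ("carol@example.test", "{BLF-CRYPT}$2y$10$" + "A" * 53),  # placeholder, not a real bcrypt hash
    ("dave@example.test", "{MD5}not-a-digest"),
]

if __name__ == "__main__":
    for uid, finding in audit(SAMPLE_ROWS).items():
        print(uid, finding)
```
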
