Está en la página 1de 3

SQL Authentication Howto NOTE: This page is a wor in progress, and has not been tested.

It may or may n ot be of any use, may contain numerous errors, and may turn your tongue a strang e color. Use at your own ris . First, install and configure MySQL (root user and password, access rules, firewa ll rules, etc) following the directions found on numerous web sites on the inter net. This will be operating system dependent, and vary based on your needs. Next, install Horde and IMP, following directions found elsewhere on this wi i. Specific instructions vary by operating system and your access to the system. Then, install dovecot, following the instructions on http://wi i.dovecot.org/ an d configure dovecot to use MySQL as per the directions at http://wi i.dovecot.or g/AuthDatabase/SQL We will assume that dovecot's SQL database is setup li e the example at http://w i i.dovecot.org/AuthDatabase/SQL:

CREATE TABLE users ( userid VARCHAR(128) NOT NULL, domain VARCHAR(128) NOT NULL, password VARCHAR(64) NOT NULL, home VARCHAR(255) NOT NULL, uid INTEGER NOT NULL, gid INTEGER NOT NULL ); Now, configure IMP: Edit/Create horde/imp/config/servers.local.php and set 'hordeauth' => 'full' so users only need to login once (Horde passes authentication data to IMP) Now, configure Horde: Bac up your horde/config/conf.php file Bac up any relevant MySQL databases, if they have live/important data in the m b. Switch the authentication bac end driver to "SQL authentication w/custom-mad e queries" Set the phptype setting to "MySQL" Set the protocol values appropriately for your situation. Set the username and password parameters to the SQL database username and pa ssword you set when creating the database. Set the database field to the name of the database that contains the credent ial data - in this example, "users". Choose the appropriate encryption algorithm for your authentication data. Th is obviously should match the algorithm that was used to create any existing cre dentials. If you are not using domains, then use the following queries: Log in to Horde as an administrative user Navigate: Administration -> Setup -> Horde, and select the Authentication ta

For query_auth, enter: SELECT * FROM users WHERE userid = \L AND password = \P For query_add, enter: INSERT INTO users (userid, password, home) VALUES (\L, \P), concat('/home/', \L)) NB: You may need to change the "home" value to point to their home directory or file space; This value is not needed/used by Horde. For query_getpw, enter: SELECT password FROM users WHERE userid = \L For query_update, enter: UPDATE users SET userid = \L WHERE userid = \O For query_resetpassword, enter: UPDATE users SET password = \P WHERE userid = \L For query_remove, enter: DELETE FROM users WHERE userid = \L For query_list, enter: SELECT * FROM users For query_exists, enter: SELECT 1 FROM users WHERE userid = \L If you are using domains, then use the following queries: For query_auth, enter: SELECT * FROM users WHERE userid = SUBSTRING_INDEX(\L , '@', 1) AND domain = SUBSTRING_INDEX(\L, '@', -1) AND password = \P For query_add, enter: INSERT INTO users (domain, userid, password, home) VAL UES ( SUBSTRING_INDEX(\L, '@', -1), SUBSTRING_INDEX(\L, '@', 1), \P, '/home/\L') For query_getpw, enter: SELECT password FROM users WHERE userid = SUBSTRING_ INDEX(\L, '@', 1) AND domain = SUBSTRING_INDEX(\L, '@', -1) For query_update, enter: UPDATE users SET userid = SUBSTRING_INDEX(\L, '@', 1) AND domain = SUBSTRING_INDEX(\L, '@', -1) WHERE userid = SUBSTRING_INDEX(\O, '@', 1) AND domain = SUBSTRING_INDEX(\O, '@', -1); For query_resetpassword, enter: UPDATE users SET password = \P WHERE userid = SUBSTRING_INDEX(\L, '@', 1) AND domain = SUBSTRING_INDEX(\L, '@', -1) For query_remove, enter: DELETE FROM users WHERE userid = SUBSTRING_INDEX(\L , '@', 1) AND domain = SUBSTRING_INDEX(\L, '@', -1) For query_list, enter: SELECT * FROM users For query_exists, enter: SELECT 1 FROM users WHERE SUBSTRING_INDEX(\L, '@', 1) AND domain = SUBSTRING_INDEX(\L, '@', -1) NB: We do not (in this wi i page) use the uid/gid fields. If you need these fie lds, you will need to modify the queries to include them, as appropriate. In th e same vain, you could add additional fields as well, if needed or desired. If you need to use multiple virtual domains, you might see the web page http://w i i.vpslin .com/HOWTO:_ISP-style_Email_Server_with_Debian-Etch_and_Postfix_2.3 w hich could provide much inspiration for the sql database setup.

Comment from another user: You can also do it the other way - let Dovecot authen ticate against the Horde users table, li e I do: 1. Add a dovecot user to the SQ L server (I use PostgreSQL). 2. Amend permissions for the the 'horde_users' table to give the 'dovecot' user read (SELECT) permission. 3. Use the following (amend as needed - the example assumes you are using Postgr eSQL) in /etc/dovecot/dovecot-sql.conf: #/etc/dovecot/dovecot-sql.conf driver = pgsql connect = host=localhost dbname=horde user=dovecot password= default_pass_scheme = MD5-CRYPT password_query = SELECT user_uid AS username, user_pass AS password e_users WHERE user_uid = '%u' iterate_query = SELECT user_uid AS username FROM users

FROM hord

4. I use a static user database in Dovecot, so I didn't need the "user_query" 5. Add the following to /etc/dovecot/dovecot.conf: userdb { args = uid=vmail gid=vmail home=/srv/dovecot/%u driver = static } passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } Amend the above to suit your setup. Don't forget to set MD5-CRYPT as password en cryption in Horde as well. One advantage of doing things this way is that passwo rds can be changed and new users added through Horde - and they will apply to Do vecot as well. 200918715569