1

Topic: SQL to LDAP

==== Required information ====
- iRedMail version: v2.1.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): (MySQL)
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: FreeBSD 10.1-RELEASE #0 r274401
- Related log if you're reporting an issue:
====

Is there a migration tool / path to switch the backend from SQL to LDAP?
Or, alternatively, a tool to use SQL as LDAP (back-sql)?

Thanks in advance.


2

Re: SQL to LDAP

Unfortunately, no. You have to write a script to export SQL accounts and convert them to LDAP accounts manually.

3

Re: SQL to LDAP

That's pretty much the direction I'm going. For some of the user-facing tools, I'm having to authenticate them via PHP and I'm having trouble figuring out exactly which hashing method is being used when a user is created.

BSD 10, settings.py = DEFAULT_PASSWORD_SCHEME = 'BCRYPT'

Any suggestions?

4

Re: SQL to LDAP

Look at your MySQL database, at the password column in vmail.mailbox, and most likely you'll see your hashes prefixed with the hash that's used, like {SSHA512} or {CRYPT}.
Keep in mind that each password might be hashed with a different mechanism because of this, so your script should account for that.

5

Re: SQL to LDAP

I've got {CRYPT} on certain users and no prefix on others (which makes sense for my environment, administrative vs. role mailboxes). What I'm struggling with is getting PHP to use the correct method to compare for authentication. Information overload at this point.

6

Re: SQL to LDAP

Why don't you just cut a corner and use imap_open to use Dovecot's internals to check your authentication?

7

Re: SQL to LDAP

Without trying that yet, it seems I'm missing something small...
Using...
$crypt_password=password_hash($password, PASSWORD_BCRYPT);

[db_password] => {CRYPT}$2a$12
[crypt_password] => $2y$10$f.

8

Re: SQL to LDAP

Prefixing is manual, and the hashes actually contain a salt.
The first n bits are the hash, the rest is the salt.
In {SSHA512} the first 512 bits are the hash; whatever is after that is the salt.
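
Added example (not part of the original thread and not iRedMail code): a PHP check for the scheme-prefixed values discussed in posts 4 to 8, which strips the prefix and re-hashes the supplied password with the salt stored in the value instead of comparing against a fresh `password_hash()` result. The helper name `verify_stored_password()` is hypothetical, and treating an unprefixed value as a bare crypt string is an assumption.

```php
<?php
// Added example. verify_stored_password() is a hypothetical helper, not iRedMail code.
function verify_stored_password(string $plain, string $stored): bool
{
    // Split "{SCHEME}payload". Assumption: a value without a prefix is a bare crypt(3) string.
    if (preg_match('/^\{([A-Za-z0-9.-]+)\}(.*)$/s', $stored, $m)) {
        [$scheme, $payload] = [strtoupper($m[1]), $m[2]];
    } else {
        [$scheme, $payload] = ['CRYPT', $stored];
    }

    switch ($scheme) {
        case 'CRYPT':
            // The crypt string ($2a$/$2y$, cost, salt, digest) carries its own salt and cost.
            // password_verify() re-hashes $plain with them and compares in constant time.
            return password_verify($plain, $payload);

        case 'SSHA512':
            // base64( SHA-512(password . salt) . salt ): first 64 bytes digest, rest salt.
            $raw = base64_decode($payload, true);
            if ($raw === false || strlen($raw) <= 64) {
                return false; // malformed value, or no salt present
            }
            $digest = substr($raw, 0, 64);
            $salt   = substr($raw, 64);
            return hash_equals($digest, hash('sha512', $plain . $salt, true));

        default:
            return false; // unknown scheme: fail closed
    }
}

// Constructed sample values (not taken from any real account).
$salt   = random_bytes(8);
$ssha   = '{SSHA512}' . base64_encode(hash('sha512', 'example-pass' . $salt, true) . $salt);
$bcrypt = '{CRYPT}' . password_hash('example-pass', PASSWORD_BCRYPT);

// For each stored value, check the right password and then a wrong one.
foreach ([$ssha, $bcrypt] as $stored) {
    var_dump(
        verify_stored_password('example-pass', $stored),
        verify_stored_password('wrong-pass', $stored)
    );
}
```

When exporting to LDAP, the stored value can be carried over unchanged as long as the target directory supports the same scheme; the plaintext is never needed for the migration itself.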