1 Topic by luxus

  • luxus
  • Member
  • Offline
  • Registered: 2011-03-04
  • Posts: 46

Topic: Login for new user failed after upgrade

I've recently upgrade iRedAdmin-Pro-LDAP to version 2.3.1 on Centos 6.

I've added the following settings to settings.py:

LOCAL_TIMEZONE = 'GMT+01:00'
DEFAULT_PASSWORD_SCHEME = 'PLAIN'
STORE_PASSWORD_IN_PLAIN_TEXT = True
HASHES_WITHOUT_PREFIXED_PASSWORD_SCHEME = ['NTLM', 'PLAIN']
PASSWORD_HAS_UPPERCASE = False
PASSWORD_HAS_SPECIAL_CHAR = False
MAILDIR_HASHED = False

Most of it seems to work but it still adds the prefixed password scheme to the password. When I manually add the password in phpLDAPadmin the user can login, when entered in iRedAdmin-Pro it tells me the password is incorrect.

It also seems the LDIF export is not updated immediately.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Login for new user failed after upgrade

What's the password added with phpLDAPadmin? and what's the one added with iRedAdmin-Pro?

By the way, use plain password is very bad practice.

3 Reply by luxus

  • luxus
  • Member
  • Offline
  • Registered: 2011-03-04
  • Posts: 46

Re: Login for new user failed after upgrade

For example. I tried entering the password welkom1 in iRedAdminPro and the password welkom2 in phpldapadmin.

When looking at the ldif export when the password is entered using iRedAdminPro the password field looks like
{PLAIN}welkom1. When using phpldapadmin to enter the password the ldif field looks like welkom2 so without the prefix.

I'm unable to login into Roundcube when the password is entered in iRedAdmin, but I am able to login when I edit the password manually in phpldapadmin.

When I compare the password in phpldapadmin it uses 14 dots for the saved password and only 7 for the entered password to compare it with and it tells me the passwords match.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Login for new user failed after upgrade

i checked iRedAdmin-Pro source code, it should correctly generate password without '{PLAIN}' prefix:

# File: libs/iredpwd.py, function generate_password_hash()
...
        elif scheme == 'PLAIN':
            if 'PLAIN' in settings.HASHES_WITHOUT_PREFIXED_PASSWORD_SCHEME:
                pws.append(p)
            else:
                pws.append('{PLAIN}' + p)
...

And i did a test with the latest iRedAdmin-Pro-LDAP, it does work as expected, password doesn't contain '{PLAIN}' prefix.

Did you try to restart Apache or uwsgi (if you're running Nginx) service and try again?