Kolab User Passwords

Fri Dec 27 23:30:56 UTC 2024

Hello,

brute force method:

1. Make an archive using this method:

http://web.archive.org/web/20240524220349/https://docs.kolab.org/administrator-guide/backup-and-restore.html

You will get text files in which the password will look like this:

userPassword:: 
e1NTSEE1MTJ9MTRGcXZpbE5ScU1mdGNGMFhyYkFZdy9tUkNQcGp5bHZmQ09VTFp
  kcWJwQ2FXY2ZtN2Y0NWptZnJsRnVSeVpLOVk1eHJ4U25wRTA1WFNQajhYYk0vQnR4dzUrN05rMlVz

2. Copy and paste a password from another user whose password you know 
to a user whose password doesn't work. Don't tell any user about this! :)

3. Restore the backup using the description above. It is probably 
possible to improvise to perform a partial restore.

4. Cheers and Happy New Year! :)

Valentin Laskov

На 25.12.24 г. в 14:40 ч., Reitelbach, Thomas написа:
> Hello list,
>
> I'm running Kolab 16 on CentOS 7 with multi domain support (4 Domains) 
> for some years now.
>
> Today I added a new Kolab User and set the password. But the new user 
> can't login with roundcube ("Login failed" says roundcubemail). And 
> the logs also say failed login.
>
> Old users can still login as usual with their password.
>
> After some investigation I found that "kolab user-info user at domain" 
> shows a "userpassword:" with
>
> u'{SSHA512}................'
>
> and old users are encrypted like this:
> u'{SSHA}................'
>
> I guess that with some system update something in the underlying 
> system has changed and new passwords are beeing stored as SHA512 now, 
> which makes roundcube or ldap fail to check the password.
>
> Has anyone help for me? Can I setup how roundcube webadmin will encode 
> the password in LDAP?
> Can I manually set the password in LDAP?
> I'm not familiar with LDAP queries and need help with that.
>
> Have a nice Christmas :)
>
> Thomas
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users