Results 1 to 8 of 8

Thread: migration from cyrus with encrypted password?

  1. #1
    schose is offline Member
    Join Date
    Feb 2008
    Posts
    12
    Rep Power
    7

    Default migration from cyrus with encrypted password?

    Hello forum,

    I want to migrate my users from cyrus to ZCS. The useraccount's are stored with as md5 in the mysql (pam_mysql).
    I found a small article how to implement the migration with a 3rd authentication store with imapsync on
    User Migration - Zimbra :: Wiki. IMHO there i have to set new account passwords for my users.

    Do anyone see a possibity how to move the users without resetting the useraccount passwords?!

    Thanks for you help in advance!

    Andreas

  2. #2
    anteos's Avatar
    anteos is offline Project Contributor
    Join Date
    Jun 2006
    Location
    Italy
    Posts
    56
    Rep Power
    9

    Default

    Here you can find some useful info: [SOLVED] Massive migration using imapsync, don't know users passwords

    You can create a Cyrus account and add it to the admins section of imapd.conf, then you can use that account as authuser1 in imapsync for all the accounts to migrate

    You have to use AUTH=PLAIN and so imaps
    Stefano Pampaloni
    www.seacom.it

  3. #3
    schose is offline Member
    Join Date
    Feb 2008
    Posts
    12
    Rep Power
    7

    Default

    Thanks anteos for your idears! If this is working, it would mean, that id don't need the passwords for the useraccounts at source cyrus server.

    I wonder if it is possible not to change the passwords for the user. So this is a little bit off-topic - the main question is how to migrate the md5 passwords from mysql into the openldap of zimbra.

  4. #4
    Rich Graves is offline Outstanding Member
    Join Date
    Jan 2007
    Location
    Minnesota
    Posts
    718
    Rep Power
    9

    Default

    "md5" could mean different things. If they look like $1$f98sahyp98fhsaf98hwa then you have something that could be shoved directly into zimbra's openldap with syntax userPassword: {CRYPT}$1$f98sahyp98fhsaf98hwa. Or if you're lucky then you might be able to use the {MD5} scheme.

    Worst case, you have the source, and you have a place to inject PAM modules. Even if you're not a programmer, you can abuse pam_script to temporarily grab you user passwords and feed them to slappasswd or zmprov setPassword.

  5. #5
    anteos's Avatar
    anteos is offline Project Contributor
    Join Date
    Jun 2006
    Location
    Italy
    Posts
    56
    Rep Power
    9

  6. #6
    schose is offline Member
    Join Date
    Feb 2008
    Posts
    12
    Rep Power
    7

    Default

    ok, i think i've got it. Sorry for some wrong information, but i rechecked an noticed that the passwords are not md5, but crypt.

    So i taked the crypted passwords and insert them via ldap browser into the user attribute in zcs openldap. this works for me - now i only have to sync the passwords via script - but this should be no problem!

    i recognized that i have to "zmcontrol stop && zmcontrol start" after changeing the user attribute. is there a shorter way?!

    Again, thanks for your great support!

    Andreas

  7. #7
    Rich Graves is offline Outstanding Member
    Join Date
    Jan 2007
    Location
    Minnesota
    Posts
    718
    Rep Power
    9

    Default

    I'm surprised. Even if Zimbra's mailboxd and/or saslauthd caches password hashes, I'd expect it to double-check LDAP directly on failure.

    You can run ~zimbra/bin/ldap or ~zimbra/bin/zmmailboxdctl to restart just those services without also restarting the MTA (postfix/clamav/amavisd), but since mailboxd takes the longest, this wouldn't be a very big win.

  8. #8
    dkarp is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    1,433
    Rep Power
    11

    Default

    Quote Originally Posted by schose View Post
    i recognized that i have to "zmcontrol stop && zmcontrol start" after changeing the user attribute. is there a shorter way?!
    If you wait 15 minutes, the cache will time out and Zimbra will fetch the correct hashed password from LDAP.
    Bugzilla - Wiki - Downloads - Before posting... Search!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Password Encrypted ZIP files
    By delphi98 in forum Administrators
    Replies: 4
    Last Post: 06-25-2008, 02:39 PM
  2. Migration using external cyrus store
    By k-gun12 in forum Migration
    Replies: 2
    Last Post: 11-09-2006, 02:14 PM
  3. User Migration / Account / Password Question
    By nexus in forum Installation
    Replies: 1
    Last Post: 07-28-2006, 09:02 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •