ispconfig email login with user@domain How to

Discussion in 'Tips/Tricks/Mods' started by desmondk, Nov 2, 2006.

  1. desmondk

    desmondk New Member

    For those that want to log into your email with user@domain here it is.
    In ispconfig control panel , log in as admin and go to Management -> system config -> settings -> ISP manager ; and change "User Prefix" to [DOMAIN]_

    We wil be using couriers userdb for authentication purposes.
    Users wil now be added to the system as domain_user using the ispconfig frontend.

    Edit authdaemonrc located at /etc/courier/ (on my ubuntu system) and change the line reading authmodulelist so it look like this

    Code:
    authmodulelist="authuserdb authpam"
    
    Save and restart courier authdaemon.

    Here is the code for the script that wil convert the text to user@domain that you would be able to login in with
    Code:
    #!/bin/bash
    
    delim="_"
    
    OIFS=$IFS
    IFS="
    "
    rm -rf /etc/courier/userdb
    touch /etc/courier/userdb
    chmod 600 /etc/courier/userdb
    for line in `pw2userdb2 | grep -ir user`
    do
            domain=$( echo $line | cut -d"$delim" -f1 )
            useruid=$( echo $line | cut -d"$delim" -f2 )
            username=$( echo $useruid | cut -d'     ' -f1 )
            uid=$( echo $useruid | cut -d'  ' -f2 )
            gid=$( echo $line | cut -d"$delim" -f3 )
            home=$( echo $line | cut -d"$delim" -f4 )
            shell=$( echo $line | cut -d"$delim" -f6 )
            password=$( echo $line | cut -d"$delim" -f7)
            echo "$username@$domain $uid|$gid|${home}_$username|$shell|$password|/var/www/www.$domain/user/${domain}_$username/Maildir" >> /etc/courier/userdb
            /usr/lib/courier/makeuserdb
    done
    
    IFS=$OIFS
    
    Also replace pw2userdb that is located in /usr/sbin on my system , it may be at a dif location to mine, in that case just use the following command to see where the file is located "which pw2userdb" and replace the code inside with this:
    Code:
    #! /usr/bin/perl
    #
    #  Convert /etc/passwd and /etc/shadow to userdb format.
    #
    #  $Id: pw2userdb.in,v 1.5 2000/07/19 11:55:15 mrsam Exp $
    #
    # Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
    # distribution information.
    
    use Getopt::Long;
    
    #
    #  Some undocumented options here (for vchkpw2userdb)
    #
    
    die "Invalid options.\n" unless
            GetOptions("passwd=s" => \$passwd, "shadow=s" => \$shadow,
                    "noshadow" => \$noshadow, "nouid" => \$nouid,
                    "domain=s" => \$domain, "vpopuid" => \$vpopuid );
    
    ($dummy, $dummy, $fixed_uid, $fixed_gid)=getpwnam("vpopmail")
            if $vpopuid;
    
    $passwd="/etc/passwd" unless $passwd =~ /./;
    $shadow="/etc/shadow" unless $shadow =~ /./;
    
    $domain="" unless $domain =~ /./;
    $domain="\@$domain" if $domain =~ /./;
    
    open(PASSWD, $passwd) || die "$!\n";
    
    while (<PASSWD>)
    {
            chop if /\n$/;
            next if /^#/;
            ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );
    
            ($uid,$gid)=($fixed_uid,$fixed_gid) if $vpopuid;
    
            $PASSWORD{$acct}=$passwd if $passwd ne "x";
            $UID{$acct}=$uid;
            $GID{$acct}=$gid;
            $HOME{$acct}=$home;
            $SHELL{$acct}=$shell;
    
            $name =~ s/\|/./g;      # Just in case
            $GECOS{$acct}=$name;
    }
    close (PASSWD);
    
    if ( -f $shadow && ! $noshadow)
    {
            open (SHADOW, $shadow) || die "$!\n";
            while (<SHADOW>)
            {
                    next if /^#/;
                    ($acct,$passwd,$dummy)=split(/:/);
                    $PASSWORD{$acct}=$passwd;
            }
            close (SHADOW);
    }
    
    while ( defined ($key=each %UID))
    {
            print "$key$domain\tuid=$UID{$key}|gid=$GID{$key}|home=$HOME{$key}" .
                    ( $SHELL{$key} =~ /./ ? "|shell=$SHELL{$key}":"") .
                    ( $PASSWORD{$key} =~ /./ ? "|systempw=$PASSWORD{$key}":"") .
                    ( $GECOS{$key} =~ /./ ? "|gecos=$GECOS{$key}":"") .
                    "\n";
            print "$UID{$key}=\t$key\n" unless $nouid;
    }
    


    Put he first script in a crontab to remake the userdb file. like this: run the command "crontab -e"
    Add into the file:
    Code:
    */5 * * * * /location_of_the_script/script_name
    
    And Save.



    I am busy changing the script so that it would check to see if there has been any changes made before rebuilding the userdb file and if there wasn't any changes it won't do anything.
    Hope this helps some people in the mean time. Still busy improving it.
     
  2. rojozak

    rojozak New Member

    Thanks for the suggestion desmondk.

    I'm curious if any has given this a try yet? Are there any possible security issues that anyone may see? Does this affect ISPConfig's operation in anyway?

    desmond you say you are still working to improve it...is fully functional at this point?
     
  3. desmondk

    desmondk New Member

    I can't see any security risks at current and it shouldn't affect the way ispconfig operates in any way. I am currently running this on a live production server with no problems.
     
  4. Rustin

    Rustin New Member

    This only applies to pop/imap mail retrieval and not mailuser or client login, right? To log into ispconfig one would have to use <domain>_<username> I assume?
    Also, after a new mail account is made it will take at most 5 minutes before you can access it with the xx@xx style username right?
    It would be nice to have the script execution tied into mail user creation.
    Thanks for the good tip, I'm definately going to give it a try.
     
  5. falko

    falko Super Moderator Howtoforge Staff

    No, only customers, resellers and admin can log into ISPConfig, not system users.
     
  6. oakleeman

    oakleeman New Member

    Anybody know how to do this on Centos 4.4? I've already configured the systems to use DOMAIN_username but can't find any of the files mentioned in the post.
     
  7. falko

    falko Super Moderator Howtoforge Staff

    CentOS uses dovecot instead of Courier, therefore the instructions won't work for you.
     
  8. jwan

    jwan New Member

    I tried the procedure...save the script under /etc/mailscript it didn't work

    I'm not so good with linux, anyway, found 2 things:
    a. the script have to have EXECUTE permission
    b. the script should call pw2userdb instead of pw2userdb2

    Unfortunately, even after the change, running the script manually gives me:

    cut: the delimiter must be a single character
    Try `cut --help' for more information.

    need help...

    OS: ubuntu 6.06
    ISPConfig: 2.2.8

    Jojo W.
     
  9. rojozak

    rojozak New Member

    Hi...Yes, I've been using the script for about a week now and it is working nicely. A few things to note however:

    1. Jwan is correct, there is a typo in the original post and it is supposed to be pw2userdb rather than pw2userdb2.

    2. The script that builds userdb didn't work for me. I had to modify it some. There were some errors (possibly from the HTML copy) and I had to modify the cut command lines as it was not building my userdb file to proper format. (The uid was not truncating properly, if i recall correctly). I've posted the script that I rewrote below. This has been working great for me on my system.

    3. Of course, any users you currently have prior to the switch with the [domain]_ tag will need to be removed and readded (or modified, i suppose if you want to mess with that) in order for them to be able to work with this system. Luckily I had a clean install with only test users before I loaded this and added users for production.

    Thanks again for your work desmonddk.

    Here's my script:

    Code:
    #!/bin/bash
    
    delim="_"
    
    OIFS=$IFS
    IFS="
    "
    rm -rf /etc/courier/userdb
    touch /etc/courier/userdb
    chmod 600 /etc/courier/userdb
    
    for line in `pw2userdb | grep -ir user`
    do
            full=$( echo $line )
            domain=$( echo $line | cut -d"$delim" -f1 )
            remain=$( echo $line | cut -d"$delim" -f2,3,4 )
            username=$( echo $remain | cut -d'      ' -f1 )
            remain2=$( echo $remain | cut -d'       ' -f2 )
            uid=$( echo $remain2 | cut -d'|' -f1 )
            gid=$( echo $remain2 | cut -d'|' -f2 )
            home=$( echo $remain2 | cut -d'|' -f3 )
            shell=$( echo $remain2 | cut -d'|' -f4 )
            password=$( echo $remain2 | cut -d'|' -f5)
            echo "$username@$domain $uid|$gid|$home|$shell|$password|/var/www/www.$domain/user/${domain}_$username/Maildir" >> /$
            /usr/lib/courier/makeuserdb
    done
    
    IFS=$OIFS
    
     
  10. FarrisGoldstein

    FarrisGoldstein New Member

    Using the steps above, I get the following error when I run the script:

    Code:
    cut: the delimiter must be a single character
    Try `cut --help' for more information.
    cut: the delimiter must be a single character
    Try `cut --help' for more information.
    
    the -d flag for cut is expecting a single character, but the code as displayed in rojozak's post shows multiple spaces for the delimiter. Is this just a formatting error for the forum, and if so what is the actual code I should use for the delimiter on those two lines?
     
  11. rojozak

    rojozak New Member

    Those are tabs. (The first separator in the table is a tab). Must be the HTML formatting.
     
    Last edited: Nov 29, 2006
  12. FarrisGoldstein

    FarrisGoldstein New Member

    So I should replace the whitespace in those two lines with a \t ?
     
  13. FarrisGoldstein

    FarrisGoldstein New Member

    I checked the man page for cut and it appears that the default delimited is tab, so I just got rid of the -d on those two lines. Now, my userdb file appears to be in the right format, but whenever I attempt to auth against it, syslog says "entry not found" when it attempts to read userdb. Any clues?

    I'm on debian 3.1 and I followed the "perfect server" howto.
     
  14. rojozak

    rojozak New Member

    Did you edit authdaemonrc as called for in the opening post and did you execute your script to convert userdb to an actual database? Other than that and retracing the steps from the posts, I wouldn't know what else to suggest.

    I did use a lot of echo commands to debug the script and be sure the final userdb met the requirement for the table's format. Otherwise, the origial post is all I used to get it working. - Good luck.
     
  15. FarrisGoldstein

    FarrisGoldstein New Member

    Thanks, I figured it out. Incidentally, the problem I was having this time was similar to the problem I was having with "cut" and the delimiter. I pasted the code straight from the thread, and what should have been a TAB on the final echo of the script to create the userdb file came through as a space. So the userdb wasn't building properly, and in turn makeuserdb wasn't generating a working .dat file.

    I'm planning to go to production with ISPConfig next week, but I now have another small concern. I really like this little bit of trickery here to allow "user@domain" usernames for mail, because it's what my customers are used to. However, won't this create a problem if site owners create a user but specify a "username" that is different from the "email" they specify?
     
  16. falko

    falko Super Moderator Howtoforge Staff

    I haven't tried desmondk's patch, but I guess you can use any email address that you allocate to a user. E.g., if you have a user web1_someuser and give him the email addresses [email protected] and [email protected], you can use both email addresses to log in. At least that's the way it works in ISPConfig's Uebimiau webmail package.
     
  17. FarrisGoldstein

    FarrisGoldstein New Member

    Ok, I'm showing my n00b colors here, and I've now looked through the doc but can't find the answer to this one: How would you, through ISPConfig, go about creating a user with more than one email address?

    Secondly, even with the answer to that question, I'm pretty sure desmondk's script will not work the way you describe, because of the way it parses the login data to create the userdb.
     
  18. falko

    falko Super Moderator Howtoforge Staff

    Take a look here: http://ispconfig.org/downloads/manual_en/manual_kunde_en_src.htm#4_2_2 -> Email Alias
     
  19. desmondk

    desmondk New Member

    Sorry for the late replyt guys. I have been very busy the last few weeks.
    Please not that couriers userdb is very sensitive and that it works with tab's and not spaces. Thanks to all the guys that help out with the tread to help other guys get this sorted. I'n my inviroment i make sure that emails is the same as usernames when added to ispconfig.

    I am also busy working on a gui frontend for my isp system. All users, ftp , email , dns and apache virtual hosts are read from mysql.

    No users get's add to /etc/passwd , everyting is mysql backend driven.

    Software used is as folows: smtp : exim
    pop3+imap: courier
    ftp: pureftp
    dns: bind
    virus: clamav
    spam: dspam (user has own spam corpus to train so no mail spesified as spam wil ever rich user again)
    apache: no virtual hosts entry's per domain. ( uses mod_rewrite) so only directory's needs to be created.

    All loging of traffic get written to mysql for easy accounting.


    Will let you guys know as soon as finished with it. +- 1 month.
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    This looks very similar to the ISPConfig 3 relkease which is developed in SVN.
     

Share This Page