1

Topic: Roundcube password change form fails after upgrade to iRedMail 0.9.1

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PostgreSQL 9.3
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: (see below)
====

I installed Roundcube via iRedMail 0.9.0. Yesterday, in an effort to catch up on the iRedMail updates, I upgraded from Roundcube 1.0.4 to 1.1.5 using the Roundcube update script as instructed in the iRedMail upgrade instructions for 0.9.0 to 0.9.1. Unfortunately, it seems that the password plugin no longer works: a valid attempt to change the password results in an error popup saying that the password could not be changed. Checking the logs, I get an error message such as this one:

May  4 15:08:20 mail roundcube: <2o9vkuia> DB Error: [7] ERROR:  syntax error at or near "{"#012LINE 1: ...dbname=\'vmail\'', E'UPDATE mailbox SET password='{SSHA512}+...#012                                                             ^ (SQL Query: SELECT * from dblink_exec(E'host=\'127.0.0.1\' user=\'roundcube\' password=\'Redacted\' dbname=\'vmail\'', E'UPDATE mailbox SET password='{SSHA512}+MO/redacted/iM=',passwordlastchange=NOW() WHERE username='redacted@example.com'')) in /usr/share/apache2/roundcubemail-1.0.4/program/lib/Roundcube/rcube_db.php on line 543 (POST /mail/?_task=settings&_action=plugin.password-save?_task=&_action=)

This is the first part of my plugins/password/config.inc.php file, excluding the later unused driver options:

<?php

// Password Plugin options
// -----------------------
// A driver to use for password change. Default: "sql".
// See README file for list of supported driver names.
$config['password_driver'] = "sql";

// Determine whether current password is required to change password.
// Default: false.
$config['password_confirm_current'] = true;

// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$config['password_minimum_length'] = 8;

// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
$config['password_require_nonalpha'] = false;

// Enables logging of password changes into logs/password
$config['password_log'] = true;

// Comma-separated list of login exceptions for which password change
// will be not available (no Password tab in Settings)
$config['password_login_exceptions'] = true;

// Array of hosts that support password changing. Default is NULL.
// Listed hosts will feature a Password option in Settings; others will not.
// Example:
//$config['password_hosts'] = array('mail.example.com', 'mail2.example.org');
$config['password_hosts'] = null;

// Enables saving the new password even if it matches the old password. Useful
// for upgrading the stored passwords after the encryption scheme has changed.
$config['password_force_save'] = false;


// SQL Driver options
// ------------------
// PEAR database DSN for performing the query. By default
// Roundcube DB settings are used.
$config['password_db_dsn'] = "pgsql://roundcube:Redacted@127.0.0.1/vmail";

// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//      %p is replaced with the plaintext new password
//      %c is replaced with the crypt version of the new password, MD5 if available
//         otherwise DES. More hash function can be enabled using the password_crypt_hash 
//         configuration parameter.
//      %D is replaced with the dovecotpw-crypted version of the new password
//      %o is replaced with the password before the change
//      %n is replaced with the hashed version of the new password
//      %q is replaced with the hashed password before the change
//      %h is replaced with the imap host (from the session info)
//      %u is replaced with the username (from the session info)
//      %l is replaced with the local part of the username
//         (in case the username is an email address)
//      %d is replaced with the domain part of the username
//         (in case the username is an email address)
// Escaping of macros is handled by this module.
// Default: "SELECT update_passwd(%c, %u)"
$rcmail_config['password_query'] = "SELECT * from dblink_exec(E'host=\'127.0.0.1\' user=\'roundcube\' password=\'Redacted\' dbname=\'vmail\'', E'UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u')";

// By default the crypt() function which is used to create the '%c' 
// parameter uses the md5 algorithm. To use different algorithms 
// you can choose between: des, md5, blowfish, sha256, sha512.
// Before using other hash functions than des or md5 please make sure
// your operating system supports the other hash functions.
$config['password_crypt_hash'] = 'md5';

// By default domains in variables are using unicode.
// Enable this option to use punycoded names
$config['password_idn_ascii'] = false;

// Path for dovecotpw (if not in $PATH)
$config['password_dovecotpw'] = "/usr/bin/doveadm pw";

// Dovecot method (dovecotpw -s 'method')
$config['password_dovecotpw_method'] = "SSHA512";

// Enables use of password with crypt method prefix in %D, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
$config['password_dovecotpw_with_method'] = true;

// Using a password hash for %n and %q variables.
// Determine which hashing algorithm should be used to generate
// the hashed new and current password for using them within the
// SQL query. Requires PHP's 'hash' extension.
$config['password_hash_algorithm'] = 'sha1';

// You can also decide whether the hash should be provided
// as hex string or in base64 encoded format.
$config['password_hash_base64'] = false;

// Iteration count parameter for Blowfish-based hashing algo.
// It must be between 4 and 31. Default: 12.
// Be aware, the higher the value, the longer it takes to generate the password hashes.
$config['password_blowfish_cost'] = 12;

I have not edited it by hand other than to change the value of $config['password_require_nonalpha'].

What should I do to fix this problem? Thank you!


2

Re: Roundcube password change form fails after upgrade to iRedMail 0.9.1

This is the new password_query setting:

$config['password_db_dsn'] = "pgsql://roundcube:MlSAMhAQBN6dzSazlVjgfXo62l6OjO@127.0.0.1/vmail";
$config['password_query'] = "UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u";
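
Added example (not part of the thread, and not Roundcube's own code): a Python model of the macro expansion visible in the logged query, showing why the quoted %D value ends the second E'...' literal passed to dblink_exec right before "{", while the direct UPDATE keeps both values as data. The hash and address are constructed samples, and `expand`, `string_literals` and `kept_as_data` are hypothetical helpers.

```python
import re

# Queries from the thread; the hash and address below are constructed samples.
OLD = (r"SELECT * from dblink_exec(E'host=\'127.0.0.1\' user=\'roundcube\' "
       r"password=\'Redacted\' dbname=\'vmail\'', E'UPDATE mailbox SET "
       r"password=%D,passwordlastchange=NOW() WHERE username=%u')")
NEW = "UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u"
MACROS = {"D": "{SSHA512}Q09OU1RSVUNURUQ=", "u": "user@example.com"}

def expand(template, macros):
    """Model of the macro step: each %X becomes a quoted SQL string literal."""
    def quoted(m):
        return "'" + macros[m.group(1)].replace("'", "''") + "'"
    return re.sub(r"%([Du])", quoted, template)

def string_literals(sql):
    """Decoded string literals as a PostgreSQL-style lexer would split them."""
    found, i = [], 0
    while i < len(sql):
        if sql[i] != "'":
            i += 1
            continue
        # E'...' literals also honour backslash escapes (simplified: \x -> x)
        esc = sql[i - 1:i] in ("E", "e") and not sql[i - 2:i - 1].isalnum()
        buf, j = [], i + 1
        while j < len(sql):
            if esc and sql[j] == "\\" and j + 1 < len(sql):
                buf.append(sql[j + 1])
                j += 2
            elif sql[j:j + 2] == "''":      # doubled quote stays inside the literal
                buf.append("'")
                j += 2
            elif sql[j] == "'":             # unescaped quote closes the literal
                break
            else:
                buf.append(sql[j])
                j += 1
        found.append("".join(buf))
        i = j + 1
    return found

def kept_as_data(template, macros=MACROS):
    """True per macro if its value survives as one complete string literal."""
    literals = string_literals(expand(template, macros))
    return {name: value in literals for name, value in macros.items()}
```

With the old template the second literal stops at `password=`, which matches the position of the caret in the logged syntax error.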

3

Re: Roundcube password change form fails after upgrade to iRedMail 0.9.1

Thanks! Replacing the $rcmail_config['password_query'] line with your $config['password_query'] line fixed the problem.