Here is a script I wrote for syncing the shadow file to SOGo's SQL database.
I have it run in cron every minute, and redirect its output to a log
file with the correct permissions.
This is using SOGo's crypt password storage option (undocumented last
time I checked).
The variables at the top are fairly self-explanatory.
The MIN_UID constant defines the minimum uid in /etc/passwd to sync.
The excluded users array allows you to specify certain users in
/etc/passwd not to sync.
Now for my brief disclaimer:
I haven't scrutinized this script much for security, I take no
responsibility for any side effects, and it comes with no warranty.
Maybe it will help.
#!/usr/bin/php
<?php
// Note: the mysql_* functions used below were removed in PHP 7.0;
// on current PHP the same calls have to be ported to mysqli or PDO.

// Connection settings for the SOGo SQL database.
define ('SOGO_DBHOST', 'localhost');
define ('SOGO_DBUSER', 'sogouser');
define ('SOGO_DBPASS', '12345');
define ('SOGO_DBNAME', 'sogo');
define ('DOMAIN', 'yourdomain.com');
define ('SHADOW_FILE', '/etc/shadow');
define ('PASSWD_FILE', '/etc/passwd');
define ('MIN_UID', '1000');

// Accounts in /etc/passwd that must never be synced.
$excluded_users = array ();
$excluded_users[] = 'webadmin';
$excluded_users[] = 'scanner';
$excluded_users[] = 'temp';
$excluded_users[] = 'sogo';

$sogo_rows = array ();

// Pass 1: collect username, uid, comment and e-mail from /etc/passwd.
$fc = file(PASSWD_FILE);
if (!($fc)) {
    echo "\n" . 'Could not obtain the contents of : ' . PASSWD_FILE . "\n";
    exit(1);
}
foreach ($fc as $line)
{
    $line = rtrim($line);
    $line_slices = explode(':',$line);
    $username = $line_slices[0];
    if (in_array($username,$excluded_users)) {
        continue;
    }
    $uid = $line_slices[2];
    if ($uid < MIN_UID) {
        continue;
    }
    $comment = $line_slices[4];
    if (empty($comment)) {
        $comment = $username;
    }
    $email = $username . '@' . DOMAIN;
    $sogo_rows[$username] = array('uid' => $uid, 'comment' => $comment,
                                  'email' => $email);
}

// Pass 2: attach the crypt hash from /etc/shadow to each collected user.
$fc = file(SHADOW_FILE);
if (!($fc)) {
    echo "\n" . 'Could not obtain the contents of : ' . SHADOW_FILE . "\n";
    exit(1);
}
foreach ($fc as $line)
{
    $line = rtrim($line);
    $line_slices = explode(':',$line);
    $username = $line_slices[0];
    if (!array_key_exists($username,$sogo_rows)) {
        continue;
    }
    $sogo_rows[$username]['hash'] = $line_slices[1];
}

if (sizeof($sogo_rows) == 0) {
    echo "\n" . 'No valid users to add were found.' . "\n";
    exit(1);
}

$sogo_dbcon = mysql_connect(SOGO_DBHOST,SOGO_DBUSER,SOGO_DBPASS,TRUE);
if (!($sogo_dbcon)) {
    die('Error connecting to mysql: ' . mysql_error());
}
// Fixed: the original referenced the undefined variable $sogo_dbname here.
mysql_select_db(SOGO_DBNAME, $sogo_dbcon)
    or die('Error: Could not select database ' . SOGO_DBNAME);

// Pass 3: insert users missing from sogo_view, update those that changed.
foreach ($sogo_rows as $username => $user_attrs) {
    // A user listed in passwd but absent from shadow has no hash to sync.
    if (!isset($user_attrs['hash'])) {
        continue;
    }
    $username = mysql_real_escape_string($username);
    $query = "SELECT c_password,c_cn FROM sogo_view WHERE c_uid='$username'";
    $result = mysql_query($query,$sogo_dbcon);
    if (!($result)) {
        mysql_close($sogo_dbcon);
        echo "\n" . 'Failed looking up user : ' . $username . ' in sogo_view table.' . "\n";
        exit(1);
    }
    $num_rows = mysql_num_rows($result);
    if ($num_rows == 0) {
        $user_attrs = array_map('mysql_real_escape_string', $user_attrs);
        $query = "INSERT into sogo_view (c_uid,c_name,c_password,c_cn,mail)
                  VALUES
                  ('$username','$username','$user_attrs[hash]','$user_attrs[comment]','$user_attrs[email]')";
        $result = mysql_query($query,$sogo_dbcon);
        if (!($result)) {
            mysql_close($sogo_dbcon);
            echo "\n" . 'Failed adding user : ' . $username . ' to sogo_view table.' . "\n";
            exit(1);
        }
        echo "\n" . 'Added user : ' . $username . ' to sogo_view table.' . "\n";
    }
    else {
        // Only write the columns whose values differ from the stored row.
        $row = mysql_fetch_assoc($result);
        $query_str = '';
        if ($user_attrs['hash'] != $row['c_password']) {
            $user_attrs['hash'] = mysql_real_escape_string($user_attrs['hash']);
            $query_str .= "c_password='$user_attrs[hash]',";
        }
        if ($user_attrs['comment'] != $row['c_cn']) {
            $user_attrs['comment'] = mysql_real_escape_string($user_attrs['comment']);
            $query_str .= "c_cn='$user_attrs[comment]',";
        }
        if (!empty($query_str)) {
            $query_str = rtrim($query_str,',');
            $query_str = 'UPDATE sogo_view set ' . $query_str . " WHERE c_uid='$username'";
            $result = mysql_query($query_str,$sogo_dbcon);
            if (!($result)) {
                mysql_close($sogo_dbcon);
                echo "\n" . 'Failed updating data for : ' . $username . ' in sogo_view table.' . "\n";
                exit(1);
            }
            echo "\n" . 'Updated data for : ' . $username . ' in sogo_view table.' . "\n";
            //Disabled reloading of memcached for now, instead the
            //"SOGoCacheCleanupInterval" setting has been lowered
            //from the default of 300 seconds to 30
            //$result = system('/etc/init.d/memcached reload');
            //echo "\n" . $result . "\n";
        }
    }
}
mysql_close($sogo_dbcon);
?>
On 02/18/2012 02:54 AM, Daniel Erlacher wrote:
Hello
I am running an ISPconfig installation and ideally it would
be possible to sync the usernames and passwords from /etc/shadow
with the MySQL authentication that I am using for SOGo.
Is there any chance that this is developed? It would be highly appreciated.
There was a discussion on this list already, in 2010:
http://www.mail-archive.com/users@sogo.nu/msg02552.html
ISPconfig uses basically crypt-md5 with salt, which is the same that
Debian uses in /etc/shadow or passwd.
Thanks
dan
--
users@sogo.nu
https://inverse.ca/sogo/lists
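
An added example, not part of the original post or of SOGo: the same insert-or-update against sogo_view written with PDO bound parameters instead of escaped string interpolation, skipping shadow entries that carry no usable crypt hash (empty, locked with "!", or disabled with "*"). The in-memory SQLite table, the function names and the sample rows are assumptions made so the block runs offline.

```php
<?php
// Added example, not the poster's script. Table and column names follow the
// post; SQLite, function names and sample rows are assumptions (needs pdo_sqlite).

// Return the crypt hash from a shadow password field, or null when the field
// is empty, locked ("!", "!!", "!$6$...") or disabled ("*").
function usable_hash(string $field): ?string
{
    if ($field === '' || $field[0] === '!' || $field[0] === '*') {
        return null;
    }
    return $field;
}

// Insert or update one user; every value travels as a bound parameter.
function sync_user(PDO $db, string $uid, string $hash, string $cn, string $mail): string
{
    $sel = $db->prepare('SELECT c_password, c_cn FROM sogo_view WHERE c_uid = ?');
    $sel->execute([$uid]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $ins = $db->prepare('INSERT INTO sogo_view (c_uid, c_name, c_password, c_cn, mail) VALUES (?, ?, ?, ?, ?)');
        $ins->execute([$uid, $uid, $hash, $cn, $mail]);
        return 'added';
    }
    if ($row['c_password'] === $hash && $row['c_cn'] === $cn) {
        return 'unchanged';
    }
    $upd = $db->prepare('UPDATE sogo_view SET c_password = ?, c_cn = ? WHERE c_uid = ?');
    $upd->execute([$hash, $cn, $uid]);
    return 'updated';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sogo_view (c_uid TEXT PRIMARY KEY, c_name TEXT, c_password TEXT, c_cn TEXT, mail TEXT)');

// Constructed rows: username, shadow password field, GECOS comment.
$rows = [
    ['alice', '$6$constructedsalt$constructedhash', "Alice O'Neil"],
    ['bob', '!$6$constructedsalt$constructedhash', 'Bob (locked account)'],
    ['carol', '*', 'Carol (no password set)'],
];
foreach ($rows as [$user, $field, $cn]) {
    $hash = usable_hash($field);
    $state = $hash === null ? 'skipped, no usable hash'
        : sync_user($db, $user, $hash, $cn, $user . '@yourdomain.com');
    echo $user . ': ' . $state . "\n";
}
```

Against the MySQL database from the post, only the PDO constructor changes (a mysql: DSN plus the database user and password); the prepared statements stay the same.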