2017-04-11 10:17:11 +08:00

135 lines
6.5 KiB

<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reset user password</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
<div id="navigation">
<a href="/index.html" target="_blank">
<img alt="iRedMail web site"
style="vertical-align: middle; height: 30px;"
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><div class="admonition note">
<p class="admonition-title">This tutorial is available in other languages. <a href="">Help translate more</a></p>
<p><a href="./reset.user.password-zh_CN.html">简体中文</a> /</p>
<h1 id="reset-user-password">Reset user password</h1>
<div class="toc">
<li><a href="#reset-user-password">Reset user password</a><ul>
<li><a href="#reset-password-with-sqlldap-command-line">Reset password with SQL/LDAP command line</a><ul>
<li><a href="#generate-password-hash-for-new-password">Generate password hash for new password</a></li>
<li><a href="#sql-backends">SQL backends</a></li>
<li><a href="#ldap-backends">LDAP backends</a></li>
<li><a href="#reset-password-with-scripts-shipped-in-iredadmin-pro">Reset password with scripts shipped in iRedAdmin-Pro</a><ul>
<li><a href="#reset-password-for-one-user">Reset password for one user</a></li>
<li><a href="#reset-passwords-for-multiple-users-with-a-csv-file">Reset passwords for multiple users with a CSV file</a></li>
<li><a href="#see-also">See also</a></li>
<h2 id="reset-password-with-sqlldap-command-line">Reset password with SQL/LDAP command line</h2>
<h3 id="generate-password-hash-for-new-password">Generate password hash for new password</h3>
<p>Storing password in plain text is dangerous, so we need to hash the password.
In case the SQL/LDAP database was leaked/cracked, cracker still need some time
to decode the password hash to get plain password, this will give you some
time to reset password to prevent mail message leak.</p>
<li>SSHA512 is recommended on Linux systems.</li>
<li>BCRYPT is recommended on BSD systems.</li>
<li>MD5 is not safe, DO NOT USE IT no matter what reasons you have.</li>
<p>To generate password hash for new password, please use <code>doveadm</code> command.</p>
<li>Generate a SSHA512 password hash:</li>
<pre><code>$ doveadm pw -s 'ssha512' -p '123456'
<li>Generate a BCRYPT password hash on BSD system:</li>
<pre><code>$ doveadm pw -s 'blf-crypt' -p '123'
<h3 id="sql-backends">SQL backends</h3>
<p>To reset password for user <code></code>, please login to SQL server as
either SQL root user or <code>vmailadmin</code> user (note: sql user <code>vmail</code> has read-only
privilege to <code>vmail</code> database, so you cannot use it to change user password),
then execute SQL commands to reset password:</p>
<pre><code>sql&gt; USE vmail;
sql&gt; UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='';
<h3 id="ldap-backends">LDAP backends</h3>
<p>With OpenLDAP backend, you can reset it with <code>ldapvi</code>, phpLDAPadmin or other
LDAP client tools. <code>SSHA512</code> is recommended, but if you have some application
which needs to perform authentication with ldap dn directly, then <code>SSHA</code> is
<h2 id="reset-password-with-scripts-shipped-in-iredadmin-pro">Reset password with scripts shipped in iRedAdmin-Pro</h2>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>iRedAdmin-Pro scripts support both SQL and LDAP backends.</p>
<h3 id="reset-password-for-one-user">Reset password for one user</h3>
<p>iRedAdmin-Pro ships script <code>tools/</code> to help you reset
one user's password. For example, on CentOS 7 (iRedAdmin is installed under
<pre><code>cd /var/www/iredadmin/tools/
python '123456'
<p>Sample output:</p>
<pre><code>[] Password has been reset.
<h3 id="reset-passwords-for-multiple-users-with-a-csv-file">Reset passwords for multiple users with a CSV file</h3>
<p>If you need to update many users' passwords, another way is resetting passwords
with script shipped in iRedAdmin-Pro: <code>tools/</code>. It
reads the user email addresses and NEW passwords from a CSV file.</p>
<p>The content is CSV file is:</p>
<pre><code>&lt;email&gt; &lt;new_password&gt;
<p>One mail user (and new password) per line. For example, file <code>new_passwords.csv</code>:</p>
<pre><code> pF4mTq4jaRzDLlWl SPhkTUlZs1TBxvmJ 8deNR8IBLycRujDN
<p>Then run script with this file:</p>
<pre><code>python new_passwords.csv
<h2 id="see-also">See also</h2>
<li><a href="./password.hashes.html">Password hashes used/supported by iRedMail</a></li>
<li><a href="./">Promote a mail user to be global admin</a></li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="">BitBucket repository</a>, and published under <a href="" target="_blank">Creative Commons</a> license. You can <a href="">download the latest version</a> for offline reading. If you found something wrong, please do <a href="">contact us</a> to fix it.</p>
<script type="text/javascript">
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');