iredmail-doc/howto/reset.user.password.md

Reset user password

• SSHA512 is recommended for SQL backends, don't use MD5 unless you have a reason.
• BCRYPT is recommended for SQL backens on BSD systems.

With MySQL or PostgreSQL backends, you can generate a password hash with openssl or doveadm command first, then replace old one with this newly generated one.

For example:

• Generate a salted MD5 password hash with openssl (plain password is 123456 in this case):

$ openssl passwd -1 123456
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0

Or, generate password hash with doveadm:

$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=

• Reset password for user user@domain.ltd and another-user@domain.ltd:

sql> USE vmail;
sql> UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';

With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client tools, SSHA is preferred if you have other applications to authenticate users against OpenLDAP.

It's ok to use plain password temporarily, then login to Roundcube webmail or iRedAdmin-Pro (with self-service enabled) to reset password immediately. For example:

sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';

See also

• Password hashes used/supported by iRedMail