Authentication Module, ODBCAuth

ODBCAuth enables you to authenticate against an ODBC server. You must already have an ODBC server setup and working before this module can be tested.

WARNING: If the database_driver is setup as a "System DSN" then the program using ODBCAuth ie: SurgeMail Mail Server needs to be running as a Service (as the system). If the database_driver is setup as a "User DSN" then the program needs to be running as a user (you can tell a service to run as a specific user).

WARNING: All field names ARE case-sensitive.

Installing and Setup

Some applications come with OBDCAuth already built. If you have not got a build and/or require the latest code it can be downloaded from the one of the links below:

Source: Not Available  
Windows 115k

Configuration Options:

ODBCAuth requires an odbcauth.ini to configure it's options. This file is located in the same directory as the ODBCAuth binary OR in a directory specified by the -path command line option. The available options are:

Setting Default
database_driver ODBCAuth This is the name of the ODBC data source.
database_user This is the login username for the ODBC data source.
database_pass This is the login password for the ODBC data source.
database_table maildb This is the table within the ODBC data source to use.
field_username username This is the name of the field that contains the users username.
field_password password This is the name of the field that contains the users password.
field_domain   This is the name of the field that contains the domain the user belongs to (optional: the domain may be part of the username in the field_username field). You cannot use append_domain AND this setting.
field_translate This setting allows you to translate field names, for example "field_translate forward fwd" will cause ODBCAuth to read the "forward" field from the database and return it as "fwd", the opposite is true if you set a user and set fwd="foo" then ODBCAuth will set the forward field to "foo".
field_block This setting allows you to specify fields that are in the database but are not to be returned by ODBCAuth on a lookup, check or search.
field_send This setting allows you to specify fields that are to be returned only fields in this list or field_translate fields are returned. (you can only use this one OR field_block not both.)
field_droppath This setting specifies a field name, ODBCAuth will report that field as being the users drop path, the drop path is returned in lookup and check commands, it comes just after the username, before the uid and the rest of the users information.
field_ipmask This setting specifies a field name, ODBCAuth will fail a user check even if the password was entered correctly but only if the IP address reported by the checking entity does not match the mask in this field.
max_field_length 255 Max length of a field returned from ODBC.
select_extras This setting allows you to pass extra requirements on all select statements to the database, for example if you wanted this select statement:
SELECT Login, Password FROM tblService ,tblServiceInfoResponse
WHERE Login = 'mike' AND
(tblService.ServiceKey = tblServiceInfoResponse.ServiceKey) AND
(Status='A' OR Status='N' OR Status='O')
Then you would set select_extras to
(tblService.ServiceKey = tblServiceInfoResponse.ServiceKey) AND
(Status='A' OR Status='N' OR Status='O')
use_sha This setting enables the use of SSHA encrypted passwords, ODBCAuth will add users passwords to the database encrypted. Old plain text or crypt'ed passwords will still check correctly but next time they are set they will be encrypted.
check_crypt This setting requests that ODBCAuth attempts to match the password as if it was crypt'ed, if that fails it checks it as if it was plain text, if either success the check is successful. This does not effect SSHA passwords, they will not be checked as if crypt'ed. This setting allows you to migrate NWAuth user/password pairs into an OBDC database and use OBDCAuth.
strip_pass_spaces This setting will cause ODBCAuth to strip any trailing spaces from the password retrieved from the database before comparing it with the one given in the check command.
loglevel info The amount of data to log, error logs only errors, info logs errors and info, debug logs everything.
debug false If set to "true" has same effect as "loglevel debug".
domain The domain name, if set this domain name is appended to all usernames returned by all the commands. It is NOT appended to usernames added to the system.
append_domain false This causes ODBCAuth to append the domain name to the username passed to the database. (typically it only passes the username part ie:"bob" when asked for ""). You cannot use field_domain AND this setting.

Command Line Options:

-path Tells ODBCAuth where to create it's logfile and where to find it's config file.
-debug Sets the logging level to debug.

Supported Commands

The commands below are the list of commands that this module supports. For a full description about the command see Authentication Protocol

Command Parameters
check <user> <pass>
lookup <user>
set <user> <pass>|(NULL) [label="value"]
del <user>
search <string> [-from n] [-max m]

Configuring an ODBC Data Source

Before you can use ODBCAuth you need to configure the ODBC Data Source. This Data Source is what ODBCAauth uses to communicate with your database.

  1. Click Start | Programs | Administrative Tools | Data Sources (OBDC).
  2. Choose the "System DSN" tab, click "Add".
  3. Select the correct driver type, i.e. for an SQL database select "SQL Server", click "Finish".
  4. Enter the remaining Data Source details.

If you do not have "Administrative Tools" in the Start menu, to enable it.

  1. Right-Click the taskbar, click "Properties".
  2. Choose the "Advanced" tab, and tick "Display Administrative Tools".

The database_driver odbcauth.ini setting is set to the new Data Source name. If you enter a login name and/or password for the Data Source, you need to specify these with the database_user and database_pass settings.

Warning: On 64bit windows you must use the 32bit version of odbcad to create the dsn, E.G.