Certainly a nice way to integrate Gordonr,
Not just a nice way, it's the SME Server design
but my biggest consideration would be about the existing users and their passwords, and the fact that once they change their password through regular steps it does not reflect on Open-Xchange.
I've been throught these before, with the jabber contrib, proxy-users and chpasswd.cgi.
Thanks,
There is a "password-modify" event which gets called when someone modifies their password. However, it does not currently provide a method by which subsystems can get the unencrypted password, as it is called after the new password has been set in /etc/shadow and /etc/smbpasswd. These passwords are set by library functions which are careful not to pass the password on the command line, or similar.
If these subsystems can use /etc/shadow, /etc/smbpassd, PAM or CVM to authenticate, they don't need to do anything more. I'd be really surprised if you can't use one of those methods to check passwords.
If you really need the password to be available in the password-modify event so it can be hashed into yet another password scheme (I hope not), please raise a bug in the 7.0 SourceForge bug tracker, providing details and we'll have a look at it.
Note that there is no way to recover a user's existing password. That is by design, and an important part of a secure password system. So, existing users will need to reset their password when a new subsystem is added, if that new subsystem needs another password scheme.
Again, I'd be surprised if you couldn't use one of the existing methods to authenticate users against either /etc/shadow or /etc/smbpasswd via PAM or CVM. It's usually just a matter of configuring the subsystems in the correct way.