[horde] connecting to LDAP

Silver Salonen silver at ultrasoft.ee
Wed Sep 21 04:07:31 PDT 2005


Thanks for the suggestion :)

But it wasn't what I meant.
Right now, for authenticating users, Horde connects to LDAP with username 
'cn=horde,ou=systemaccounts,dc=example,dc=dom' and password 'mypassword'.

But I want it to connect with username and password that are somehow derived 
from username and password provided by user currently logging in.

For instance, if I'm logging in with username 'silver at ultrasoft.ee' and 
password 'silverpassword', I'd expect Horde to connect with 
'cn=silver,cn=ultrasoft.ee,dc=hosting,dc=example,dc=dom' and password 
'silverpassword'.

In this way the user that is currently logging in couldn't read any 
information besides his own (even if he tried, due to some security hole or 
something) because he's not given enough rights in the LDAP server. And I shouldn't be 
afraid of exposing my configuration file.

I hope my wish is more clear now :)

PS. I didn't find such a hook in hooks.php either.

Silver

> Quoting Silver Salonen <silver at ultrasoft.ee>:
> 
> > Hi.
> >
> > I've set up Horde to authenticate users from LDAP. The only thing I'm
> > currently worrying about a little is that Horde connects to LDAP with static
> > username and password.
> >
> > I've given all users access to their entries:
> > access to *
> > 	by self write
> > 	by anonymous auth
> > 	by * none
> >
> > I think it would be more secure if I didn't have to give some special user
> > special access-rights and Horde connected to LDAP with username and password
> > provided by user trying to log in.
> 
> I assume that by "special user" you are talking about binding with your 
> rootdn?
> If so, no, it isn't necessary.  Be sure and browse through:
>   horde/config/hooks.php.dist
> If you are referring to the horde admin user, it only uses ldap for 
> authentication like all other users and requires an entry in 
> horde/config/conf.php like:
>   $conf['auth']['admins'] = array('<silver at ultrasoft.ee>');
> in your horde/config/conf.php assuming that you are using mail for ldap 
> auth if not it is your user name.
> 
> Hope that helps,
> 
> ed
> 
> >
> > Is it possible?
> >
> > Thanks in advance,
> > Silver
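
The per-user bind described in the message above, as an added sketch that is not part of the original post and not Horde code. The function names, the default base DN and the LDAP URI are assumptions, the archive's 'silver at ultrasoft.ee' is read as 'silver@ultrasoft.ee', and PHP's ldap extension is required.

```php
<?php
// Added illustration, not Horde code. deriveBindDn/bindAsUser and the URI are hypothetical.

/**
 * Map a login such as "silver@ultrasoft.ee" to the per-user bind DN from the post:
 * cn=silver,cn=ultrasoft.ee,dc=hosting,dc=example,dc=dom
 * Returns null when the login is not exactly local@domain.
 */
function deriveBindDn(string $login, string $baseDn = 'dc=hosting,dc=example,dc=dom'): ?string
{
    $parts = explode('@', $login);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    // Escape DN metacharacters (, = + < > ; " \ #) so user input cannot
    // add or alter RDNs in the bind DN.
    $user   = ldap_escape($parts[0], '', LDAP_ESCAPE_DN);
    $domain = ldap_escape($parts[1], '', LDAP_ESCAPE_DN);
    return "cn={$user},cn={$domain},{$baseDn}";
}

/** Bind as the user; true only if the directory accepted these credentials. */
function bindAsUser(string $uri, string $login, string $password): bool
{
    // An empty password turns a simple bind into an unauthenticated
    // (anonymous) bind that many servers accept, so reject it up front.
    if ($password === '') {
        return false;
    }
    $dn = deriveBindDn($login);
    if ($dn === null) {
        return false;
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $ok = @ldap_bind($ds, $dn, $password);
    ldap_unbind($ds);
    return $ok;
}

// Constructed inputs; none of these calls contacts an LDAP server.
var_dump(deriveBindDn('silver@ultrasoft.ee'));
var_dump(deriveBindDn('x,dc=example,dc=dom@ultrasoft.ee')); // DN metacharacters in the login
var_dump(deriveBindDn('no-at-sign'));                       // login without a domain part
var_dump(bindAsUser('ldaps://ldap.example.dom', 'silver@ultrasoft.ee', '')); // empty password
```

With the `by self write` / `by anonymous auth` ACL quoted in the thread, a bind like this needs no privileged service account, so no directory password has to be stored in the configuration file.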

