[Tickets #3229] RESOLVED: cannot change ldap password without anonymous bind allowed
bugs@bugs.horde.org
Sun Jan 15 05:32:02 PST 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3229
-----------------------------------------------------------------------
Ticket | 3229
Updated By | mi.braun at onlinehome.de
Summary | cannot change ldap password without anonymous bind allowed
Queue | Passwd
Version | HEAD
State | Resolved
Priority | 2. Medium
Type | Bug
Owners | Jan Schneider
-----------------------------------------------------------------------
mi.braun at onlinehome.de (2006-01-15 05:32) wrote:
> Committed, but I left out the guestdn changes that didn't make any
> sense to me. You could use the admindn parameters for that, it
> doesn't *have* to be an admin user.
But if I use the admindn parameters, then line 136ff of
passwd/lib/Driver/ldap.php won't work.
It says:
    // If we used admin bindings, we have to check the password here.
    if (!empty($this->_params['admindn'])) {
        $ldappasswd = ldap_get_values($this->_ds, $entry,
                                      $this->_params['attribute']);
        $result = $this->comparePasswords($ldappasswd[0],
                                          $old_password);
        if (is_a($result, 'PEAR_Error')) {
            return $result;
        }
    }
So if I use a non-privileged user as admindn, then this will certainly
fail.
The usage of "guestdn" would allow using a non-privileged user to bind
first for checking whether the horde user exists in ldap and then to use the
identity of the horde user to change its own password.
Sincerely,
m. braun
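
The two bind flows discussed in this message, as an added Python model that is not part of the original e-mail or of Horde's code. The in-memory Directory class, the ACL that limits userPassword to the entry itself and to admins, the plain-text password comparison and all DNs are assumptions made for illustration.

```python
# Constructed in-memory model of an LDAP server; not Horde or php-ldap code.
class AccessDenied(Exception):
    pass

class Directory:
    def __init__(self, entries, admins):
        self.entries, self.admins, self.bound = entries, admins, None

    def bind(self, dn, password):
        if dn not in self.entries or self.entries[dn]["userPassword"] != password:
            raise AccessDenied(f"invalid credentials for {dn}")
        self.bound = dn

    def find(self, uid):
        if self.bound is None:  # anonymous bind is disabled, as in the ticket
            raise AccessDenied("anonymous search not allowed")
        return next((dn for dn, e in self.entries.items() if e["uid"] == uid), None)

    def _acl(self, dn):  # assumed ACL: userPassword is for self and admins only
        if dn not in self.entries or (self.bound != dn and self.bound not in self.admins):
            raise AccessDenied(f"{self.bound} has no access to userPassword of {dn}")

    def read_password(self, dn):
        self._acl(dn)
        return self.entries[dn]["userPassword"]

    def write_password(self, dn, new):
        self._acl(dn)
        self.entries[dn]["userPassword"] = new

def change_via_admindn(d, bind_dn, bind_pw, uid, old, new):
    """Quoted ldap.php flow: stay bound as admindn and compare the stored value."""
    d.bind(bind_dn, bind_pw)
    dn = d.find(uid)
    if d.read_password(dn) != old:  # needs read access to userPassword
        raise AccessDenied("incorrect old password")
    d.write_password(dn, new)

def change_via_guestdn(d, guest_dn, guest_pw, uid, old, new):
    """Proposed flow: guest bind only locates the entry, then rebind as the user."""
    d.bind(guest_dn, guest_pw)
    dn = d.find(uid)
    d.bind(dn, old)  # the server itself verifies the old password
    d.write_password(dn, new)

def sample():  # constructed entries; plain-text passwords are a simplification
    dns = {"admin": "cn=admin,dc=example", "guest": "cn=guest,dc=example", "alice": "uid=alice,dc=example"}
    entries = {dn: {"uid": uid, "userPassword": uid + "-pw"} for uid, dn in dns.items()}
    return Directory(entries, admins={dns["admin"]}), dns
```

In this model a non-privileged DN passed through the admindn flow is stopped at the password read, while the guestdn flow needs only search rights for the guest and leaves the old-password check to the user's own bind.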