[Tickets #8270] Re: Wicked tries (and fails) to bind to LDAP as Page creator
bugs at horde.org
Thu Jun 4 13:07:01 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8270
------------------------------------------------------------------------------
Ticket | 8270
Updated By | Ben Klang <ben at alkaloid.net>
Summary | Wicked tries (and fails) to bind to LDAP as Page creator
Queue | Wicked
Type | Bug
State | Assigned
Priority | 1. Low
Milestone |
Patch |
Owners | Michael Rubinsky, Ben Klang, Ben Chavet
------------------------------------------------------------------------------
Ben Klang <ben at alkaloid.net> (2009-06-04 09:07) wrote:
I suspect this is related to configuring LDAP to use per-user
credentials to bind to LDAP rather than a "system" account that has
read and/or write access across the tree. For most applications this
works fine, but there are some places in Horde where it is necessary
to access other users' information. For example: when resolving a
user ID into a friendly name, an Identity object is created (backed by
Prefs) which is used to try to look up the Personal Information. If
you are using LDAP to store prefs, and LDAP is configured to use the
user's own credentials rather than a single system-type credential,
this operation fails.
The question, though, is how to solve it? In my own environments I
have created a Horde user in LDAP that has the appropriate access to
all users so it avoids this problem. But one of the configuration
options we allow in Horde currently is to use the user's own
credentials when binding to LDAP. Do we need to deprecate that
feature or make Identity lookup failures (and other similar cross-user
Prefs actions) fail silently since they are "soft" errors?