[Tickets #8270] Re: Wicked tries (and fails) to bind to LDAP as Page creator

bugs at horde.org bugs at horde.org
Thu Jun 4 13:07:01 UTC 2009


Ticket URL: http://bugs.horde.org/ticket/8270
  Ticket             | 8270
  Updated By         | Ben Klang <ben at alkaloid.net>
  Summary            | Wicked tries (and fails) to bind to LDAP as Page
                     | creator
  Queue              | Wicked
  Type               | Bug
  State              | Assigned
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             | Michael Rubinsky, Ben Klang, Ben Chavet

Ben Klang <ben at alkaloid.net> (2009-06-04 09:07) wrote:

I suspect this is related to configuring LDAP to use per-user  
credentials to bind to LDAP rather than a "system" account that has  
read and/or write access across the tree.  For most applications this  
works fine, but there are some places in Horde where it is necessary  
to access other users' information.  For example: when resolving a  
user ID into a friendly name, an Identity object is created (backed by  
Prefs) which is used to try to look up the Personal Information.  If  
you are using LDAP to store prefs, and LDAP is configured to use the  
user's own credentials rather than a single system-type credential,  
this operation fails.

The question, though, is how to solve it?  In my own environments I  
have created a Horde user in LDAP that has the appropriate access to  
all users so it avoids this problem.  But one of the configuration  
options we allow in Horde currently is to use the user's own  
credentials when binding to LDAP.  Do we need to deprecate that  
feature or make Identity lookup failures (and other similar cross-user  
Prefs actions) fail silently since they are "soft" errors?
