[Tickets #8271] Re: LDAP preferences - unauthenticated bind attempt / failure

bugs at horde.org bugs at horde.org
Thu Jun 4 13:54:18 UTC 2009 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/8271
------------------------------------------------------------------------------
  Ticket             | 8271
  Updated By         | Michael Rubinsky <mrubinsk at horde.org>
  Summary            | LDAP preferences - unauthenticated bind attempt /
                     | failure
  Queue              | Turba
  Version            | 2.3.1
  Type               | Bug
  State              | Assigned
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             | Michael Rubinsky, Ben Klang
------------------------------------------------------------------------------


Michael Rubinsky <mrubinsk at horde.org> (2009-06-04 09:54) wrote:

There are some notes related to this in Bug: 8270

Also, FWIW, the Ansel ticket cited ( Bug:8269 ) has been resolved,  
albeit in a non-ideal way (by allow an admin to explicitly disallow  
attempting to read other user's prefs if they do not want to provide  
an appropriate search DN to bind with).

Why this in failing in Turba *after* viewing the contact created by  
another user then returning to the address book browse view, I'm not  
sure. My only idea is that maybe by the time the notification is  
pushed for the bind error, it's too late to display on the current  
screen, so it is pushed after the next page reload. I'm not an LDAP  
guy, nor do I have a LDAP server available to test this theory on...

> Preferences binds are done as the logged on user. Would doing a
> preferences bind as an LDAP user with permissions to all the required
> parts of LDAP solve this?

AFAIK, this is what the search dn is for.

> I would rather bind as the user
> concerned... seems to be a more "proper" way to do it, and I'd have
> thought it should work given the option is there.

The problem (as described in the other tickets as well) is that there  
are parts of Horde where we need to attempt access to another user's  
preferences, for example, when retrieving a user's Identity settings  
so we can display full names instead of usernames.

More information about the bugs mailing list