[cvs] [Wiki] changed: ExistingLDAPHowTo

Ben Chavet ben at horde.org
Thu Jun 2 20:11:43 PDT 2005


ben  Thu, 02 Jun 2005 20:11:43 -0700

Modified page: http://wiki.horde.org/ExistingLDAPHowTo
New Revision:  1.13

@@ -57,8 +57,62 @@
         by * none
 
 access to dn.children="ou=Users,dc=example,dc=com"
         attrs=userPassword
+        by self write
+        by anonymous auth
+        by * none
+</code>
+
+----
+
+++ Managing Posix Accounts
+
+With a little tweaking, Horde can be used to do basic user management for a Posix system, such as adding and removing users.
+
++++ Configure !AuthLDAP Hook
+
+<code type="php">
+if (!function_exists('_horde_hook_authldap')) {
+    function _horde_hook_authldap($userID, $credentials = null)
+    {
+        $entry['dn'] = 'uid=' . $userID . ',ou=horde,dc=chavet,dc=net';
+        if (isset($credentials) && isset($credentials['user_fullname'])) {
+            $entry['cn'] = $credentials['user_fullname'];
+        } else {
+            $entry['cn'] = $userID;
+        }
+        $entry['sn'] = $userID;
+        $entry['objectclass'][0] = 'top';
+        $entry['objectclass'][1] = 'posixAccount';
+        $entry['objectclass'][2] = 'shadowAccount';
+        $entry['uid'] = $userID;
+
+        // need to check for new users (password) and edited users (user_pass_2)
+        if (isset($credentials) && isset($credentials['password'])) {
+            $entry['userPassword'] =  '{MD5}' . base64_encode(mHash(MHASH_MD5, $credentials['password']));
+        } else if (isset($credentials) && isset($credentials['user_pass_2'])) {
+            $entry['userPassword'] =  '{MD5}' . base64_encode(mHash(MHASH_MD5, $credentials['user_pass_2']));
+        }
+        return $entry;
+    }
+}
+</code>
+
++++ Directory Permissions
+
+If you are using Horde to manage your user accounts, the horde account needs more priveleges in order to make the proper changes.
+
+<code>
+access to dn.children="ou=Users,dc=example,dc=com"
+        attrs=entry,objectClass,uid
+        by dn="cn=horde,ou=DSA,dc=example,dc=com" write
+        by self read
+        by * none
+
+access to dn.children="ou=Users,dc=example,dc=com"
+        attrs=userPassword
+        by dn="cn=horde,ou=DSA,dc=example,dc=com" write
         by self write
         by anonymous auth
         by * none
 </code>
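Review bot: In _horde_hook_authldap, both userPassword assignments store an unsalted `{MD5}` digest, which is cheap to brute-force if the directory is ever dumped; use a salted scheme the server supports (for example `{SSHA}`), or let the server hash the password itself. The DN is built by concatenating `$userID` without escaping, so a user name containing a comma or an equals sign changes the resulting DN; escape the value before building it. The hook places entries under `ou=horde,dc=chavet,dc=net` while the ACLs in this same hunk cover `ou=Users,dc=example,dc=com`, so the example should use one base throughout. The entry declares `posixAccount` but sets none of uidNumber, gidNumber or homeDirectory, which that class requires, and it sets `sn`, which none of the three listed object classes allow. In the Directory Permissions block, the horde DN gets write on `entry,objectClass,uid` only, yet the hook also writes `cn` and `sn`; list every attribute the hook sets, and document that this section assumes the `cn=horde,ou=DSA` account from earlier in the page.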

