[cvs] [Wiki] changed: ExistingLDAPHowTo

Ben Chavet ben at horde.org
Thu Jun 2 20:48:51 PDT 2005


ben  Thu, 02 Jun 2005 20:48:51 -0700

Modified page: http://wiki.horde.org/ExistingLDAPHowTo
New Revision:  1.14

@@ -67,16 +67,35 @@
 
 ++ Managing Posix Accounts
 
 With a little tweaking, Horde can be used to do basic user management for a Posix system, such as adding and removing users.
+
++++ !NextFreeUnixId Object
+
+We have to have a place to keep track of the next user id number.  If you are already using LDAP for user management, chances are, you already have an object doing this, and you can skip this section.  If you do not, we need to create one with the following //ldif// file:
+
+<code>
+dn: cn=NextFreeUnixId,dc=example,dc=com
+gidNumber: 1000
+uidNumber: 1000
+objectClass: inetOrgPerson
+sn: NextFreeUnixId
+cn: NextFreeUnixId
+</code>
+
+And add this object to the directory:
+
+<code>
+ldapadd -x -h localhost -D "cn=root,dc=example,dc=com" -f filename.ldif -W
+</code>
 
 +++ Configure !AuthLDAP Hook
 
 <code type="php">
 if (!function_exists('_horde_hook_authldap')) {
     function _horde_hook_authldap($userID, $credentials = null)
     {
-        $entry['dn'] = 'uid=' . $userID . ',ou=horde,dc=chavet,dc=net';
+        $entry['dn'] = 'uid=' . $userID . ',ou=horde,dc=example,dc=com';
         if (isset($credentials) && isset($credentials['user_fullname'])) {
             $entry['cn'] = $credentials['user_fullname'];
         } else {
             $entry['cn'] = $userID;
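Review bot: The NextFreeUnixId ldif in this hunk declares only `objectClass: inetOrgPerson`, but uidNumber and gidNumber are attributes of the posixAccount object class (RFC 2307), not of inetOrgPerson, so an OpenLDAP server with schema checking enabled (the default) will refuse the `ldapadd` with an object class violation. Add `objectClass: posixAccount` to the entry; that class in turn requires `uid` and `homeDirectory`, so the entry also needs lines such as `uid: NextFreeUnixId` and `homeDirectory: /nonexistent` (constructed values, pick your own). The hook later in this page searches for the entry by `cn=NextFreeUnixId`, so the extra attributes do not affect it. The `_horde_hook_authldap` function opened in this hunk continues past its end.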
@@ -84,9 +103,22 @@
         $entry['sn'] = $userID;
         $entry['objectclass'][0] = 'top';
         $entry['objectclass'][1] = 'posixAccount';
         $entry['objectclass'][2] = 'shadowAccount';
+        $entry['objectclass'][3] = 'inetOrgPerson';
         $entry['uid'] = $userID;
+        $entry['homeDirectory'] = '/home/' . $userID;
+        $entry['gidNumber'] = 100;
+
+        // get the next available uid
+        $ds = @ldap_connect($GLOBALS['conf']['auth']['params']['hostspec']);
+        @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $GLOBALS['conf']['auth']['params']['version']);
+        @ldap_bind($ds, $GLOBALS['conf']['auth']['params']['binddn'], $GLOBALS['conf']['auth']['params']['password']);
+        $searchResults = @ldap_search($ds, 'dc=example,dc=com', 'cn=NextFreeUnixId');
+        $information = @ldap_get_entries($ds, $searchResults);
+        ldap_modify($ds, 'cn=NextFreeUnixId,dc=example,dc=com', array('uidnumber' => $information[0]['uidnumber'][0] + 1));
+        @ldap_close($ds);
+        $entry['uidNumber'] = $information[0]['uidnumber'][0];
 
         // need to check for new users (password) and edited users (user_pass_2)
         if (isset($credentials) && isset($credentials['password'])) {
             $entry['userPassword'] =  '{MD5}' . base64_encode(mHash(MHASH_MD5, $credentials['password']));
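Review bot: The added counter block never checks that the connect, bind or search succeeded, and every failure is hidden by `@`; if `$information` is `false`, the expression `$information[0]['uidnumber'][0] + 1` evaluates to `1`, `ldap_modify` overwrites the counter with 1, and the new account gets an empty uidNumber while later accounts are handed uid 1 and upward, colliding with system accounts. Validate the search result (`$information['count'] == 1` and the attribute present) before touching the counter, check the return of `ldap_modify`, and bail out on any failure instead of creating the entry. The read-then-replace is also not atomic, so two concurrent account creations can receive the same uidNumber; at minimum say so in a comment. The enclosing `_horde_hook_authldap` starts in the previous hunk and ends outside this one, so what the caller expects on failure is not visible here.
```php
        // get the next available uid
        $params = $GLOBALS['conf']['auth']['params'];
        $ds = ldap_connect($params['hostspec']);
        if (!$ds
            || !ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $params['version'])
            || !ldap_bind($ds, $params['binddn'], $params['password'])) {
            return false; // TODO(review): confirm what the hook caller expects on failure
        }
        $searchResults = ldap_search($ds, 'dc=example,dc=com', 'cn=NextFreeUnixId');
        $information = $searchResults ? ldap_get_entries($ds, $searchResults) : false;
        if (!$information || $information['count'] != 1 || !isset($information[0]['uidnumber'][0])) {
            ldap_close($ds);
            return false; // counter object missing or unreadable: never fall back to uid 1
        }
        $nextUid = (int)$information[0]['uidnumber'][0];
        // NOTE: read-then-replace is not atomic; concurrent creations can collide on a uid.
        if (!ldap_modify($ds, 'cn=NextFreeUnixId,dc=example,dc=com', array('uidnumber' => $nextUid + 1))) {
            ldap_close($ds);
            return false;
        }
        ldap_close($ds);
        $entry['uidNumber'] = $nextUid;
        // … unchanged: password handling …
```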
@@ -102,8 +134,12 @@
 
 If you are using Horde to manage your user accounts, the horde account needs more priveleges in order to make the proper changes.
 
 <code>
+access to dn.base="cn=NextFreeUnixId,dc=example,dc=com"
+        by dn="cn=horde,ou=DSA,dc=example,dc=com" write
+        by * none
+
 access to dn.children="ou=Users,dc=example,dc=com"
         attrs=entry,objectClass,uid
         by dn="cn=horde,ou=DSA,dc=example,dc=com" write
         by self read

