[cvs] [Wiki] changed: ExistingLDAPHowTo
Ben Chavet
ben at horde.org
Thu Jun 2 20:48:51 PDT 2005
ben Thu, 02 Jun 2005 20:48:51 -0700
Modified page: http://wiki.horde.org/ExistingLDAPHowTo
New Revision: 1.14
@@ -67,16 +67,35 @@
++ Managing Posix Accounts
With a little tweaking, Horde can be used to do basic user management for a Posix system, such as adding and removing users.
+
++++ !NextFreeUnixId Object
+
+We have to have a place to keep track of the next user id number. If you are already using LDAP for user management, chances are, you already have an object doing this, and you can skip this section. If you do not, we need to create one with the following //ldif// file:
+
+<code>
+dn: cn=NextFreeUnixId,dc=example,dc=com
+gidNumber: 1000
+uidNumber: 1000
+objectClass: inetOrgPerson
+sn: NextFreeUnixId
+cn: NextFreeUnixId
+</code>
+
+And add this object to the directory:
+
+<code>
+ldapadd -x -h localhost -D "cn=root,dc=example,dc=com" -f filename.ldif -W
+</code>
+++ Configure !AuthLDAP Hook
<code type="php">
if (!function_exists('_horde_hook_authldap')) {
function _horde_hook_authldap($userID, $credentials = null)
{
- $entry['dn'] = 'uid=' . $userID . ',ou=horde,dc=chavet,dc=net';
+ $entry['dn'] = 'uid=' . $userID . ',ou=horde,dc=example,dc=com';
if (isset($credentials) && isset($credentials['user_fullname'])) {
$entry['cn'] = $credentials['user_fullname'];
} else {
$entry['cn'] = $userID;
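Review bot: the NextFreeUnixId LDIF added in this hunk declares only `objectClass: inetOrgPerson`, which does not permit the `uidNumber` and `gidNumber` attributes (they come from the posixAccount/posixGroup classes of the NIS schema, RFC 2307); on a server with schema checking enabled the `ldapadd` shown will reject the entry with an object class violation. The object needs a class that allows those attributes, for example posixAccount (which in turn requires `uid` and `homeDirectory` to be present) or a site-specific auxiliary class, and the surrounding text should state which one the example relies on.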
@@ -84,9 +103,22 @@
$entry['sn'] = $userID;
$entry['objectclass'][0] = 'top';
$entry['objectclass'][1] = 'posixAccount';
$entry['objectclass'][2] = 'shadowAccount';
+ $entry['objectclass'][3] = 'inetOrgPerson';
$entry['uid'] = $userID;
+ $entry['homeDirectory'] = '/home/' . $userID;
+ $entry['gidNumber'] = 100;
+
+ // get the next available uid
+ $ds = @ldap_connect($GLOBALS['conf']['auth']['params']['hostspec']);
+ @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $GLOBALS['conf']['auth']['params']['version']);
+ @ldap_bind($ds, $GLOBALS['conf']['auth']['params']['binddn'], $GLOBALS['conf']['auth']['params']['password']);
+ $searchResults = @ldap_search($ds, 'dc=example,dc=com', 'cn=NextFreeUnixId');
+ $information = @ldap_get_entries($ds, $searchResults);
+ ldap_modify($ds, 'cn=NextFreeUnixId,dc=example,dc=com', array('uidnumber' => $information[0]['uidnumber'][0] + 1));
+ @ldap_close($ds);
+ $entry['uidNumber'] = $information[0]['uidnumber'][0];
// need to check for new users (password) and edited users (user_pass_2)
if (isset($credentials) && isset($credentials['password'])) {
$entry['userPassword'] = '{MD5}' . base64_encode(mHash(MHASH_MD5, $credentials['password']));
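Review bot: the uid allocation added in this hunk is not safe for concurrent use and runs on every invocation of the hook. The `ldap_search` that reads NextFreeUnixId and the `ldap_modify` that increments it are two separate operations, so two account creations running at the same time can read the same value and both be assigned the same uidNumber; and since the hook is also called for edited users (see the `user_pass_2` comment just below), every edit consumes a counter value and overwrites the existing user's uidNumber with a fresh one. Suggest allocating only on the new-user path (the `password` branch, when no entry for the uid exists yet) and performing the increment as a single modify that deletes the old value and adds the new one, which the server refuses if another client changed the counter in between, retrying on that failure. Separately, every LDAP call here except `ldap_modify` is silenced with `@` and no return value is checked: if the bind or search fails, `$information[0]['uidnumber'][0]` is undefined and the account is written with an empty uidNumber.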
@@ -102,8 +134,12 @@
If you are using Horde to manage your user accounts, the horde account needs more priveleges in order to make the proper changes.
<code>
+access to dn.base="cn=NextFreeUnixId,dc=example,dc=com"
+ by dn="cn=horde,ou=DSA,dc=example,dc=com" write
+ by * none
+
access to dn.children="ou=Users,dc=example,dc=com"
attrs=entry,objectClass,uid
by dn="cn=horde,ou=DSA,dc=example,dc=com" write
by self read
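Review bot: the new `access to dn.base="cn=NextFreeUnixId,dc=example,dc=com"` clause has to be placed before any broader rule whose target also matches that entry (an `access to *` or a `dn.subtree="dc=example,dc=com"` rule), because slapd uses the first `access to` directive that matches and never reaches a later one; the hunk does not show where in slapd.conf the block sits, so the text should say "above the general rules". `by * none` as the default for the counter is right, and `write` for the horde DSA already covers the search and read the hook performs, since OpenLDAP access levels are cumulative. While here, "priveleges" in the sentence above the block is misspelled.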