[horde] Re: Horde/Imp LDAP-Prefs Code

Edwin Culp eculp at encontacto.net
Thu Jun 6 15:22:01 PDT 2002


Quoting KaalH! <kaalh at smol.org>:

| Quoting Edwin Culp <eculp at encontacto.net>:
| 
| > Quoting KaalH! <kaalh at smol.org>:
| > 
| > | got some fresh stuff about this:
| > | http://kaalh.smol.org/horde/ldap.php.diff
| > | 
| > | When $conf['prefs']['params']['rootdn'] and
| > | $conf['prefs']['params']['username'] are not set, 
| > KaalH,
| > 
| > I have all the above commented out and I haven't had any problems.  When
| > and maybe why do I need an anonymous search and a rebind?  I didn't 
| > realize that it was broken.  Actually, I really like the bind code
| > because it doesn't require a rootdn to bind.  
| > 
| > Please help me understand what I am missing here.
| > 
| > Thanks,
| > 
| > ed
| 
| well,
| 
| To find which DN will be used to bind to the ldap server, we have several 
| choices:
| 1 - use the rootdn (generally when users cannot change their own entry)
| 2 - use the user dn
|     Finding the user dn in the ldap tree requires a search query. 
Wouldn't that depend on the design of your tree?  Does your tree require it?

I keep all my users as dn: mail=kaalh at mydomain.com,ou=people,o=mydomain.com
This allows me as many virtual domains and users as I need.  I bind my 
configuration is simply
$conf['prefs']['params']['basedn'] = 'ou=people,o=mydomain.org';
$conf['prefs']['params']['uid'] = 'mail';

rootdn and friends are all commented out. 
Prefs work fine, but now I need to go back to the source and see why:-)
 
|     Searching requires binding, so I'm binding anonymously.
|     Maybe adding an "initial_binddn" param will be needed to perform this search 
| if the ldap server is configured to refuse anonymous searching / entry 
| retrieving.

Mine is and in turba I have wanted to make sure that only the users can
modify their accounts and their contacts so I had to make the rootdn
equal to the user dn in sources.php and set the acl's up accordingly.
I really don't know why but it seemed like a good idea at the time and
I wanted to remove anonymous searching.

|     And finally, rebind with the user dn.
| 
| Is that what you expected?
Yes it is.

ldap.php must already be doing this or I wouldn't have any prefs, would
I?  

I'm sorry to take up your time and the lists with this but I can't
see how it will change but you know much more about this than I and have
done a great job at patching and improving the ldap support on horde/imp/turba
so I'm on your side.  I applaud your work.  Thanks for trying to get 
through this thick skull.:-) I'm going to look at lib/Prefs/ldap.php 
yet again to see why I have prefs :-) It must be dumb luck.

ed



-------------------------------------------------------------
 http://insourcery.com - Mergence of Business and Technology  
          a "Griffin Plaza Partners, LLC" Company
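
The two ways of obtaining the bind DN discussed in this thread (building it directly from basedn and uid, or searching first and then rebinding as the user), sketched as an added example that is not part of the original message and is not Horde's lib/Prefs/ldap.php. The helper names, the fake directory and all sample values are constructed; only the basedn and uid keys come from the thread.

```python
# Added example. Config keys (basedn, uid) mirror the thread; the helper
# names, the fake directory and all sample values are constructed.
DN_SPECIAL = set(',+"\\<>;=\0')

def escape_dn_value(value):
    """Hex-escape characters that have meaning inside a DN (RFC 4514)."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in ' #') or (i == last and ch == ' ')
        out.append('\\%02x' % ord(ch) if ch in DN_SPECIAL or edge else ch)
    return ''.join(out)

def escape_filter_value(value):
    """Hex-escape characters that have meaning inside a filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '*()\\\0' else c for c in value)

def direct_bind_dn(params, username):
    """No search: valid only when every DN is <uid attr>=<login>,<basedn>."""
    return '%s=%s,%s' % (params['uid'], escape_dn_value(username), params['basedn'])

def search_filter(params, username):
    """Filter for the lookup that precedes the rebind as the user."""
    return '(%s=%s)' % (params['uid'], escape_filter_value(username))

def resolve_bind_dn(params, username, password, search=None):
    """Return the DN to bind as; `search(base, filter)` is a hypothetical
    callable standing in for the anonymous or service-account lookup."""
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513) that a server may accept, so refuse it up front.
    if not username or not password:
        raise ValueError('empty username or password')
    if search is None:
        return direct_bind_dn(params, username)
    hits = search(params['basedn'], search_filter(params, username))
    if len(hits) != 1:  # zero or ambiguous matches must never reach the bind
        raise LookupError('expected exactly one entry, got %d' % len(hits))
    return hits[0]

# Constructed directory where the DN cannot be derived from the login.
FAKE_DIRECTORY = {'(uid=kaalh)': ['uid=kaalh,ou=staff,ou=people,o=example.org']}

def fake_search(base, ldap_filter):
    return FAKE_DIRECTORY.get(ldap_filter, [])

if __name__ == '__main__':
    flat = {'basedn': 'ou=people,o=example.org', 'uid': 'mail'}
    print(resolve_bind_dn(flat, 'kaalh@example.org', 'secret'))
    print(resolve_bind_dn({**flat, 'uid': 'uid'}, 'kaalh', 'secret', fake_search))
```

With a flat tree the DN is built without any search, which is why no rootdn or anonymous bind is needed there; the search path matters only when entries sit at varying depths under basedn.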

