[horde] Re: Horde/Imp LDAP-Prefs Code

KaalH! kaalh at smol.org
Fri Jun 7 04:33:42 PDT 2002


User entries can be located anywhere in the tree, we really have to search 
for the user dn first.

I've updated my patch, now you can use 
$conf['prefs']['params']['searchdn'] / $conf['prefs']['params']['searchpass'] 
as the initial bind dn.
If $conf['prefs']['params']['searchdn'] is not set, an anonymous bind/search 
is done.

http://kaalh.smol.org/horde/ldap.php.diff

-- 
KaalH!


Quoting Edwin Culp <eculp at encontacto.net>:

> Quoting KaalH! <kaalh at smol.org>:
> 
> | Quoting Edwin Culp <eculp at encontacto.net>:
> | 
> | > Quoting KaalH! <kaalh at smol.org>:
> | > 
> | > | got some fresh stuff about this :
> | > | http://kaalh.smol.org/horde/ldap.php.diff
> | > | 
> | > | When $conf['prefs']['params']['rootdn'] and
> | > | $conf['prefs']['params']['username'] are not set, 
> | > KaalH,
> | > 
> | > I have all the above commented out and I haven't had any problems.  When
> | > and maybe why do I need an anonymous search and a rebind?  I didn't 
> | > realize that it was broken.  Actually, I really like the bind code
> | > because it doesn't require a rootdn to bind.  
> | > 
> | > Please help me understand what I am missing here.
> | > 
> | > Thanks,
> | > 
> | > ed
> | 
> | well,
> | 
> | To find which DN will be used to bind the ldap server, we have several 
> | choices :
> | 1 - use the rootdn (generally when users cannot change their own entry)
> | 2 - use the user dn
> |     Finding the user dn in the ldap tree requires a search query. 
> Wouldn't that depend on the design of your tree?  Does your tree require it?
> 
> I keep all my users as dn: mail=kaalh at mydomain.com,ou=people,o=mydomain.com
> This allows me as many virtual domains and users as I need.  I bind my 
> configuration is simply
> $conf['prefs']['params']['basedn'] = 'ou=people,o=mydomain.org';
> $conf['prefs']['params']['uid'] = 'mail';
> 
> rootdn and friends are all commented out. 
> Prefs work fine, but now I need to go back to the source and see why:-)
>  
> |     Searching requires binding, so I'm binding anonymously.
> |     Maybe adding an "initial_binddn" param will be needed to perform this
> | search if the ldap server is configured to refuse anonymous searching / entry 
> | retrieving.
> 
> Mine is and in turba I have wanted to make sure that only the users can
> modify their accounts and their contacts so I had to make the rootdn
> equal to the user dn in sources.php and set the acl's up accordingly.
> I really don't know why but it seemed like a good idea at the time and
> I wanted to remove anonymous searching.
> 
> |     And finally, rebind with the user dn.
> | 
> | Is that what you expected?
> Yes it is.
> 
> ldap.php must already be doing this or I wouldn't have any prefs, would
> I?  
> 
> I'm sorry to take up your time and the lists with this but I can't
> see how it will change but you know much more about this than I and have
> done a great job at patching and improving the ldap support on
> horde/imp/turba so I'm on your side.  I applaud your work.  Thanks for
> trying to get through this thick skull. :-) I'm going to look at
> lib/Prefs/ldap.php yet again to see why I have prefs :-) It must be dumb luck.
> 
> ed
> 
> 
> 
> -------------------------------------------------------------
>  http://insourcery.com - Mergence of Business and Technology  
>           a "Griffin Plaza Partners, LLC" Company
> 
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
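
The bind, search, rebind sequence discussed in this thread, modelled in Python against an in-memory stand-in directory; this is an added example, not code from the Horde patch or from either poster. It goes beyond the thread by escaping the search filter value, rejecting an empty password and requiring exactly one match. Only the `searchdn`, `searchpass`, `basedn` and `uid` parameter names come from the thread; `FakeDirectory`, its constructed entries, `escape_filter_value` and `bind_as_user` are assumptions made for illustration.

```python
import re

# Constructed stand-in for an LDAP server: DN -> (password, attributes).
ENTRIES = {
    "cn=prefsearch,o=example.org": ("s3arch", {"cn": "prefsearch"}),
    "mail=ann@a.example,ou=people,o=example.org": ("ann-pw", {"mail": "ann@a.example"}),
    "uid=bob,ou=staff,ou=people,o=example.org": ("bob-pw", {"mail": "bob@b.example"}),
}

class FakeDirectory:
    """Models simple bind and a subtree search on one (attr=value) filter."""
    def __init__(self, anonymous_search_allowed):
        self.anonymous_search_allowed = anonymous_search_allowed
        self.bound_as = None                      # "" means anonymous bind

    def bind(self, dn="", password=""):
        if dn and ENTRIES.get(dn, (None,))[0] != password:
            raise PermissionError("invalid credentials")
        self.bound_as = dn

    def search(self, basedn, ldap_filter):
        if not self.bound_as and not self.anonymous_search_allowed:
            raise PermissionError("anonymous search refused")
        attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
        # Filter value -> regex: \XX is a literal character, a bare * is a wildcard.
        rx = re.sub(r"\\([0-9a-fA-F]{2})|(\*)|(.)",
                    lambda m: re.escape(chr(int(m[1], 16))) if m[1]
                    else ".*" if m[2] else re.escape(m[3]), value)
        return [dn for dn, (_, attrs) in ENTRIES.items()
                if dn.endswith(basedn) and attr in attrs
                and re.fullmatch(rx, attrs[attr])]

def escape_filter_value(value):
    """RFC 4515 escaping, so user input cannot add wildcards or filter syntax."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m[0]), value)

def bind_as_user(directory, params, username, password):
    """Initial bind -> search for the user's DN -> rebind as that DN."""
    if not password:
        raise PermissionError("empty password")   # would act as an anonymous bind
    if params.get("searchdn"):
        directory.bind(params["searchdn"], params.get("searchpass", ""))
    else:
        directory.bind()                          # anonymous bind/search
    flt = "(%s=%s)" % (params["uid"], escape_filter_value(username))
    matches = directory.search(params["basedn"], flt)
    if len(matches) != 1:
        raise LookupError("expected one entry, found %d" % len(matches))
    directory.bind(matches[0], password)          # rebind with the user dn
    return matches[0]
```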

