[horde] connecting to LDAP

Silver Salonen silver at ultrasoft.ee
Thu Sep 22 06:34:00 PDT 2005


Hi again, Michael.

Are you sure that your Horde really binds to LDAP (with the username and 
password provided by the user logging in) when you set 
$conf['auth']['params']['binddn'] and $conf['auth']['params']['password'] 
to NULL?

Because my Horde definitely doesn't. It seems to try an anonymous search 
instead. But I really wouldn't like to grant such access rights in OpenLDAP.

Silver

> I changed my config to:
> $conf['auth']['params']['hostspec'] = 'localhost';
> $conf['auth']['params']['basedn'] = 'dc=mail,dc=hosting,dc=example,dc=dom';
> $conf['auth']['params']['binddn'] = NULL;
> $conf['auth']['params']['password'] = NULL;
> $conf['auth']['params']['version'] = '3';
> $conf['auth']['params']['uid'] = 'mail';
> $conf['auth']['params']['objectclass'] = array('courierMailAccount');
> $conf['auth']['params']['filter_type'] = 'objectclass';
> $conf['auth']['driver'] = 'ldap';
> 
> In LDAP I've got user:
> 
> mail=silver at ultrasoft.ee,cn=ultrasoft.ee,dc=mail,dc=hosting,dc=example,dc=dom
> 
> OpenLDAP debugging log:
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 ACCEPT from IP=127.0.0.1:57431 (IP=127.0.0.1:389)
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH base="dc=mail,dc=hosting,dc=example,dc=dom" scope=2 deref=0 filter="(mail=silver at ultrasoft.ee)"
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH attr=mail
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=1 UNBIND
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 closed
> 
> As I understand it, Horde doesn't actually try to bind to LDAP with such 
> a configuration. And so it doesn't get any info from LDAP.
> 
> > vi config/conf.php
> > 
> > $conf['auth']['params']['hostspec'] = 'ldaps://ldapm.example.ch:636';
> > $conf['auth']['params']['basedn'] = 'ou=mail,ou=service,o=example,c=ch';
> > // With the following two entries, we can force Horde to authenticate with the user's credentials
> > $conf['auth']['params']['binddn'] = NULL;
> > $conf['auth']['params']['password'] = NULL;
> > $conf['auth']['params']['version'] = '3';
> > $conf['auth']['params']['uid'] = 'mail';
> > $conf['auth']['params']['objectclass'] = array('JammMailAccount');
> > $conf['auth']['params']['filter_type'] = 'objectclass';
> > $conf['auth']['driver'] = 'ldap';
> > 
> > With this, you tell the ldap driver to do a subsearch on the SubTree 
> > 'ou=mail,ou=service,o=example,c=ch'
> > 
> > In this case, the user can bind with 
> > 
> > 'mail=user at example.ch,jvd=example.ch,ou=mail,ou=service,o=example,c=ch' :-)
> > 
> > I guess, this is what you need?
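
One way to check from the slapd log whether a client searched without binding first, which is what the quoted conn=93 trace shows. This is an added example, not part of the original message or of Horde's code; the conn=94 lines and their bind DN are constructed for contrast.

```python
import re

# conn=93: the log quoted in the thread, with wrapped lines rejoined.
# conn=94: constructed lines showing a connection that binds before searching.
SAMPLE_LOG = """\
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 ACCEPT from IP=127.0.0.1:57431 (IP=127.0.0.1:389)
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH base="dc=mail,dc=hosting,dc=example,dc=dom" scope=2 deref=0 filter="(mail=silver at ultrasoft.ee)"
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH attr=mail
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=1 UNBIND
Sep 21 17:03:39 mymachine slapd[95941]: conn=94 op=0 BIND dn="cn=horde,dc=example,dc=dom" method=128
Sep 21 17:03:39 mymachine slapd[95941]: conn=94 op=0 RESULT tag=97 err=0 text=
Sep 21 17:03:39 mymachine slapd[95941]: conn=94 op=1 SRCH base="dc=mail,dc=hosting,dc=example,dc=dom" scope=2 deref=0 filter="(mail=user at example.ch)"
Sep 21 17:03:39 mymachine slapd[95941]: conn=94 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# The verb must directly follow "op=N ", so UNBIND never matches BIND.
LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) ?(.*)")

def anonymous_searches(log_text):
    """Return searches made on connections lacking a successful non-empty-DN bind."""
    pending, bound, searches = {}, {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            if dn:
                pending[(conn, op)] = dn[1]      # not bound until RESULT err=0
        elif verb == "RESULT" and "tag=97" in rest.split():
            dn = pending.pop((conn, op), "")
            bound[conn] = dn if "err=0" in rest.split() else ""
        elif verb == "SRCH" and "base=" in rest and not bound.get(conn):
            f = re.search(r'base="([^"]*)".*filter="([^"]*)"', rest)
            if f:
                searches[(conn, op)] = {"conn": conn, "base": f[1],
                                        "filter": f[2], "nentries": None}
        elif verb == "SEARCH RESULT" and (conn, op) in searches:
            n = re.search(r"nentries=(\d+)", rest)
            searches[(conn, op)]["nentries"] = int(n[1]) if n else None
    return list(searches.values())

if __name__ == "__main__":
    for s in anonymous_searches(SAMPLE_LOG):
        print(s)
```

An anonymous search that returns `nentries=0` with `err=0`, as on conn=93, is consistent with the server's ACLs hiding the entries from unauthenticated clients rather than with a failed lookup.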

