[horde] connecting to LDAP
Silver Salonen
silver at ultrasoft.ee
Thu Sep 22 06:34:00 PDT 2005
Hi again, Michael.
Are you sure that your Horde really binds into LDAP (with username and
password provided by user logging in) when you put
$conf['auth']['params']['binddn'] and $conf['auth']['params']['password'] to
value NULL?
Because my Horde doesn't for sure. It seems to try anonymous search instead.
But I really wouldn't like to give such access rights in OpenLDAP.
Silver
> I changed my config to:
> $conf['auth']['params']['hostspec'] = 'localhost';
> $conf['auth']['params']['basedn'] = 'dc=mail,dc=hosting,dc=example,dc=dom';
> $conf['auth']['params']['binddn'] = NULL;
> $conf['auth']['params']['password'] = NULL;
> $conf['auth']['params']['version'] = '3';
> $conf['auth']['params']['uid'] = 'mail';
> $conf['auth']['params']['objectclass'] = array('courierMailAccount');
> $conf['auth']['params']['filter_type'] = 'objectclass';
> $conf['auth']['driver'] = 'ldap';
>
> In LDAP I've got user:
>
> mail=silver at ultrasoft.ee,cn=ultrasoft.ee,dc=mail,dc=hosting,dc=example,dc=dom
>
> OpenLDAP debugging log:
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 ACCEPT from
> IP=127.0.0.1:57431 (IP=127.0.0.1:389)
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH
> base="dc=mail,dc=hosting,dc=example,dc=dom" scope=2 deref=0
> filter="(mail=silver at ultrasoft.ee)"
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH attr=mail
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=1 UNBIND
> Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 closed
>
> As I understand, Horde actually doesn't try to bind into LDAP with such
> configuration. And so it doesn't get any info from LDAP.
>
> > vi config/conf.php
> >
> > $conf['auth']['params']['hostspec'] = 'ldaps://ldapm.example.ch:636';
> > $conf['auth']['params']['basedn'] = 'ou=mail,ou=service,o=example,c=ch';
> > // With the following two entries, we can force Horde to authenticate
> > // with the user's credentials
> > $conf['auth']['params']['binddn'] = NULL;
> > $conf['auth']['params']['password'] = NULL;
> > $conf['auth']['params']['version'] = '3';
> > $conf['auth']['params']['uid'] = 'mail';
> > $conf['auth']['params']['objectclass'] = array('JammMailAccount');
> > $conf['auth']['params']['filter_type'] = 'objectclass';
> > $conf['auth']['driver'] = 'ldap';
> >
> > With this, you tell the ldap driver to do a subsearch on the SubTree
> > 'ou=mail,ou=service,o=example,c=ch'
> >
> > In this case, the user can bind with
> >
> > 'mail=user at example.ch,jvd=example.ch,ou=mail,ou=service,o=example,c=ch' :-)
> >
> > I guess, this is what you need?
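An added example, not part of the original thread: a small Python audit of slapd stats-level log lines that reports, for each search, which identity the connection was bound as (none means anonymous) and how many entries came back. The conn=93 lines are the log quoted in the message; the conn=94 lines and the `cn=horde-svc` bind DN are constructed for contrast.

```python
import re

# conn=93 is the slapd log quoted above (wrapped lines rejoined); conn=94 is
# constructed for contrast, and its bind DN is a hypothetical service account.
SAMPLE_LOG = """\
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 ACCEPT from IP=127.0.0.1:57431 (IP=127.0.0.1:389)
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH base="dc=mail,dc=hosting,dc=example,dc=dom" scope=2 deref=0 filter="(mail=silver at ultrasoft.ee)"
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SRCH attr=mail
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 op=1 UNBIND
Sep 21 17:03:38 mymachine slapd[95941]: conn=93 fd=15 closed
Sep 21 17:05:02 mymachine slapd[95941]: conn=94 op=0 BIND dn="cn=horde-svc,dc=example,dc=dom" method=128
Sep 21 17:05:02 mymachine slapd[95941]: conn=94 op=0 RESULT tag=97 err=0 text=
Sep 21 17:05:02 mymachine slapd[95941]: conn=94 op=1 SRCH base="dc=mail,dc=hosting,dc=example,dc=dom" scope=2 deref=0 filter="(mail=silver at ultrasoft.ee)"
Sep 21 17:05:02 mymachine slapd[95941]: conn=94 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

OP = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)" method=')
BIND_RESULT = re.compile(r'RESULT tag=97 err=(\d+)')
SRCH = re.compile(r'SRCH base="([^"]*)".*filter="([^"]*)"')
DONE = re.compile(r'SEARCH RESULT tag=101 err=\d+ nentries=(\d+)')

def audit_searches(log_text):
    """Return one record per search: bound identity, filter and entry count."""
    pending, bound_as, searches = {}, {}, {}
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # ACCEPT / closed lines carry no op number
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if b := BIND.match(rest):
            pending[conn] = b.group(1)
        elif r := BIND_RESULT.match(rest):
            # The identity only counts once the bind succeeds (err=0);
            # a failed bind leaves the connection anonymous.
            dn = pending.pop(conn, "")
            bound_as[conn] = dn if r.group(1) == "0" else ""
        elif s := SRCH.match(rest):
            who = bound_as.get(conn, "")
            searches[(conn, op)] = {"conn": conn, "base": s.group(1), "filter": s.group(2),
                                    "bound_as": who, "anonymous": who == "", "nentries": None}
        elif (d := DONE.match(rest)) and (conn, op) in searches:
            searches[(conn, op)]["nentries"] = int(d.group(1))
    return list(searches.values())

if __name__ == "__main__":
    for rec in audit_searches(SAMPLE_LOG):
        who = "anonymous" if rec["anonymous"] else rec["bound_as"]
        print(f'conn={rec["conn"]} as {who}: {rec["filter"]} -> {rec["nentries"]} entries')
```

On the quoted log this reports conn=93 as an anonymous search with zero entries, which matches the observation that no bind was attempted before the lookup.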