[horde] Horde 3 and LDAP
Andreas Schallenberg
Andreas.Schallenberg at eurobild.com
Mon Oct 25 21:46:47 UTC 2010
Hello,

I am trying to set up a Horde 3 installation on a Debian Lenny vServer.
To authenticate users I want to use an LDAP service. This should be done,
since I can browse it using a web frontend and created a user named "hordeadmin"
which I would like to use as horde administrator.

I can access the horde login page. But when entering login ("hordeadmin") and
password the message "Could not bind to LDAP server." is being displayed
and I am back at the login page.

The horde log file contains this:
Oct 25 23:21:32 HORDE [error] [horde] FAILED LOGIN for hordeadmin [127.0.0.1] to Horde [pid 19566 on line 164 of "/usr/share/horde3/login.php"]
(Note: line 164 may be inaccurate since I added some code to try
debugging into it and deleted it afterwards. So it may be 163 or 165
as well - code formatting.)

The code is:

    ...
    } else {
        $entry = sprintf('FAILED LOGIN for %s [%s] to Horde',
                         Util::getFormData('horde_user'), $_SERVER['REMOTE_ADDR']);
        Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_ERR);
    ...

Unfortunately, this does not tell me why the binding was not possible.
I guess that my conf.php section for "auth" is wrong:
...
$conf['auth']['admins'] = array('hordeadmin');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['driver'] = 'ldap';
$conf['auth']['params']['hostspec'] = 'ldap://ldap.mydomain.de';
$conf['auth']['params']['basedn'] = 'dc=mydomain,dc=de';
$conf['auth']['params']['binddn'] = 'cn=admin,dc=mydomain,dc=de';
$conf['auth']['params']['password'] = 'myldapadminpassword';
$conf['auth']['params']['uid'] = 'people';
$conf['auth']['params']['encryption'] = 'md5';
...
(manually replaced "mydomain" and "myldapadminpassword")
I can sign in as LDAP admin with "cn=admin,dc=mydomain,dc=de"
using phpLDAPadmin.
The LDAP tree is (some leaf nodes omitted):

dc=mydomain, dc=de
 +--ou=groups
 |   + cn=ldapusers
 +--ou=people
     + cn=hordeadmin

And "hordeadmin" is in group "ldapusers".
Does anybody see a mistake I made?
If not, is there a way to get a more detailed message?
Including a bit more "what" and "why"?
Is there any test I can run that may reveal something?
Regards,
Andreas