[horde] Horde 3 and LDAP

Andy Dorman adorman at ironicdesign.com
Mon Oct 25 22:15:49 UTC 2010


On 10/25/2010 04:46 PM, Andreas Schallenberg wrote:
>
> Unfortunately, this does not tell me, why the binding was not possible.
> I guess that my conf.php section for "auth" is wrong:
>
> ...
> $conf['auth']['admins'] = array('hordeadmin');
> $conf['auth']['checkip'] = true;
> $conf['auth']['checkbrowser'] = true;
> $conf['auth']['alternate_login'] = false;
> $conf['auth']['redirect_on_logout'] = false;
> $conf['auth']['driver'] = 'ldap';
> $conf['auth']['params']['hostspec'] = 'ldap://ldap.mydomain.de';
> $conf['auth']['params']['basedn'] = 'dc=mydomain,dc=de';
> $conf['auth']['params']['binddn'] = 'cn=admin,dc=mydomain,dc=de';
> $conf['auth']['params']['password'] = 'myldapadminpassword';
> $conf['auth']['params']['uid'] = 'people';
> $conf['auth']['params']['encryption'] = 'md5';
> ...
>
> (manually replaced "mydomain" and "myldapadminpassword")
>
> I can sign in as LDAP admin with "cn=admin,dc=mydomain,dc=de"
> using phpLDAPadmin.
>
> The LDAP tree is (some leaf nodes omitted):
>
> dc=mydomain, dc=de
> +--ou=groups
> |   + cn=ldapusers
> +--ou=people
>      + cn=hordeadmin
>
> And "hordeadmin" is in group "ldapusers".
>
> Does anybody see a mistake I made?
>
> If no, is there a way to get a more detailed message?
> Including a bit more "what" and "why"?
>

Andreas, we use LDAP for our user base authentication and horde/imp preferences 
across a cluster of servers.  One thing that really helped us when setting up 
was checking the LDAP logs to see what LDAP did not like about the logins.

And FWIW, below is a sanitized look at our settings. Since we block all outside 
access to LDAP and run LDAP locally on each server for read access, we do not 
use encryption to help a little with login speed.

=== auth settings ===
$conf['auth']['params']['hostspec'] = 'localhost';
$conf['auth']['params']['basedn'] = 'ou=addresses,o=antespam.com';
$conf['auth']['params']['binddn'] = 'o=antespam.com';
$conf['auth']['params']['password'] = 'xxxxxxxxxxxxxxxxxxxx';
$conf['auth']['params']['version'] = '3';
$conf['auth']['params']['tls'] = false;
$conf['auth']['params']['scope'] = 'one';
$conf['auth']['params']['ad'] = false;
$conf['auth']['params']['uid'] = 'uid';
$conf['auth']['params']['encryption'] = 'plain';
$conf['auth']['params']['newuser_objectclass'] = array('idAddress', 'fmAddress');
$conf['auth']['params']['objectclass'] = array('fmAddress');
$conf['auth']['params']['filter_type'] = 'objectclass';
$conf['auth']['params']['password_expiration'] = 'no';
$conf['auth']['driver'] = 'ldap';
...

Hope this helps.

-- 
Andy Dorman
FanMail.com
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net
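As an added example (not Horde code and not from either poster), the script below emulates the three steps a Horde 3 LDAP login goes through (bind as `binddn`, search under `basedn` for the entry whose `uid` attribute equals the login name, then bind as that entry with the user's password) against an in-memory copy of the tree quoted above, and reports which step fails. That is the same breakdown you get from the slapd log Andy suggests reading, but runnable offline. The directory contents, the user password and the helper names are constructed for this example; the default scope of `sub` and the AND-ing of the `objectclass` list are assumptions of the toy, not verified driver behaviour. Note how the quoted `uid = 'people'` is read as an attribute name, while Andy's working config sets `uid = 'uid'`: the toy shows the filter each produces. The `escape_filter_value` helper is there because the real driver sends the filter string to the server, so a login name must be RFC 4515 escaped before it is spliced in; and since step three is a simple bind, the user's password travels in clear unless TLS is on, which is why `tls = false` is only defensible on a localhost socket as Andy describes.

```python
"""Toy emulation of a Horde 3 Auth_ldap login (added example, not Horde code).
Directory, passwords and helper names are constructed for this example."""

# Constructed directory modelled on the quoted tree; attribute names lowercase.
DIRECTORY = {
    "dc=mydomain,dc=de": {"objectclass": ["dcobject", "organization"]},
    "cn=admin,dc=mydomain,dc=de": {
        "objectclass": ["organizationalrole", "simplesecurityobject"],
        "cn": ["admin"], "userpassword": ["myldapadminpassword"]},
    "ou=groups,dc=mydomain,dc=de": {"objectclass": ["organizationalunit"]},
    "cn=ldapusers,ou=groups,dc=mydomain,dc=de": {
        "objectclass": ["groupofnames"],
        "member": ["cn=hordeadmin,ou=people,dc=mydomain,dc=de"]},
    "ou=people,dc=mydomain,dc=de": {"objectclass": ["organizationalunit"]},
    # The user entry only has a cn (as in the quoted tree); its password is made up.
    "cn=hordeadmin,ou=people,dc=mydomain,dc=de": {
        "objectclass": ["inetorgperson"], "cn": ["hordeadmin"],
        "userpassword": ["hordeadmin-secret"]},
}

# The auth params from the quoted message, as posted ('people' is read as an
# attribute name, which is how the working config on this page uses 'uid').
QUOTED = {"hostspec": "ldap://ldap.mydomain.de", "basedn": "dc=mydomain,dc=de",
          "binddn": "cn=admin,dc=mydomain,dc=de", "password": "myldapadminpassword",
          "uid": "people"}
# Same params with 'uid' pointing at the attribute the entry actually carries.
FIXED = dict(QUOTED, uid="cn", scope="sub")


def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


def parent_dn(dn):
    return ",".join(norm_dn(dn).split(",")[1:])


def in_scope(dn, base, scope):
    dn, base = norm_dn(dn), norm_dn(base)
    if scope == "base":
        return dn == base
    if scope == "one":          # direct children of base only (Andy's setting)
        return parent_dn(dn) == base
    if scope == "sub":          # base and everything beneath it
        return dn == base or dn.endswith("," + base)
    raise ValueError("unknown scope %r" % scope)


def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(params, username):
    """The filter the driver would send: (uid-attr=name), AND-ed with objectClass."""
    clause = "(%s=%s)" % (params["uid"], escape_filter_value(username))
    if params.get("filter_type") == "objectclass" and params.get("objectclass"):
        ocs = "".join("(objectClass=%s)" % oc for oc in params["objectclass"])
        clause = "(&%s%s)" % (clause, ocs)
    return clause


def entry_matches(entry, params, username):
    """Evaluate build_filter() directly on attribute values (no string parsing)."""
    values = [v.lower() for v in entry.get(params["uid"].lower(), [])]
    if username.lower() not in values:
        return False
    if params.get("filter_type") == "objectclass" and params.get("objectclass"):
        have = {oc.lower() for oc in entry.get("objectclass", [])}
        return all(oc.lower() in have for oc in params["objectclass"])
    return True


def ldap_bind(directory, dn, password):
    """Simple bind. Returns (ok, result text) the way a server would log it."""
    if not dn or password == "":
        return False, "unauthenticated bind refused"
    entry = directory.get(norm_dn(dn))
    if entry is None or password not in entry.get("userpassword", []):
        return False, "invalidCredentials (49) for %s" % dn   # same code either way
    return True, "success"


def horde_ldap_login(directory, params, username, password):
    """Returns (ok, step, detail); 'step' is the stage to look for in the LDAP log."""
    ok, why = ldap_bind(directory, params["binddn"], params["password"])
    if not ok:
        return False, "admin bind", why
    scope = params.get("scope", "sub")                     # assumed default
    hits = [dn for dn, e in directory.items()
            if in_scope(dn, params["basedn"], scope) and entry_matches(e, params, username)]
    if len(hits) != 1:
        return False, "search", "%d entries under %s (scope %s) match %s" % (
            len(hits), params["basedn"], scope, build_filter(params, username))
    ok, why = ldap_bind(directory, hits[0], password)
    if not ok:
        return False, "user bind", why
    return True, "done", hits[0]


if __name__ == "__main__":
    for label, params in (("quoted", QUOTED), ("fixed", FIXED),
                          ("fixed, scope one", dict(FIXED, scope="one"))):
        print(label, horde_ldap_login(DIRECTORY, params, "hordeadmin", "hordeadmin-secret"))
```

Run as-is, the quoted parameters stop at the search step with zero matches for `(people=hordeadmin)`, the corrected ones reach the user bind, and narrowing `scope` to `one` with `basedn` at the top of the tree fails the search again because the user sits one level down under `ou=people`.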

