[horde] Horde LDAP Authentication

Andrew Morgan morgan at orst.edu
Wed Jan 12 20:53:21 UTC 2011


On Wed, 12 Jan 2011, Berk Gulenler wrote:

>>>>> Hi, I am using LDAP server as an authentication backend. userPassword 
>>>>> field of my records in LDAP server is hashed with des or md5.
>>>>> Is there any way to get salt from LDAP server? from userPassword field? 
>>>>> I think getSalt function in Auth.php is doing something else. And also 
>>>>> ldap.php.
>>>> 
>>>> No, getSalt() is what you are looking for, though it doesn't work 
>>>> directly on the LDAP server, so you need to retrieve the password hash 
>>>> first.
>>> You mean this is not what Horde is doing right now? Is it possible to extend the 
>>> authentication module like this, as a new enhancement?
>> 
>> No, why? It's all there, you just need to use one after the other.
> How can I?
>
> I don't want to insert my code into Horde. That way, updating Horde will be 
> impossible. I am trying to find a way to fully integrate the Horde system with 
> Qmail-Ldap. The first part is integrating authentication. I'm keeping my users' 
> account passwords hashed, not in plain text. That's why users can't bind to the 
> LDAP server. Of course there is another way: keeping users' passwords in plain 
> text (which is not a secure way to keep them) and securing passwords with a TLS 
> connection.

If you are performing an LDAP bind operation, why does it matter which 
format your LDAP server stores the userPassword in?

Does Horde need read access to the userPassword attribute, or is it 
performing an LDAP bind operation?

 	Andy
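
The thread asks whether the salt can be recovered from a stored userPassword value. The sketch below is an added example, not part of the original messages and not Horde's getSalt() code: it shows where the salt sits in common RFC 2307-style values and how a salted digest is re-checked once the value has been read. The function names are hypothetical, the sample values are constructed, and it assumes the directory stores {CRYPT}, {SMD5} or {SSHA} values.

```python
import base64
import hashlib
import hmac

# Salted schemes store base64(digest + salt); the digest length locates the salt.
SALTED = {"SMD5": ("md5", 16), "SSHA": ("sha1", 20)}

def split_user_password(value):
    """Return (scheme, salt, digest) for a userPassword value read from LDAP."""
    if not value.startswith("{") or "}" not in value:
        return ("CLEARTEXT", None, None)  # no scheme prefix at all
    scheme, rest = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme in SALTED:
        size = SALTED[scheme][1]
        raw = base64.b64decode(rest)
        if len(raw) <= size:
            raise ValueError("value too short to contain a salt")
        return (scheme, raw[size:], raw[:size])
    if scheme == "CRYPT":
        parts = rest.split("$")
        if rest.startswith("$1$") and len(parts) == 4:
            return ("CRYPT-MD5", parts[2], parts[3])  # $1$<salt>$<hash>
        if len(rest) == 13 and "$" not in rest:
            return ("CRYPT-DES", rest[:2], rest[2:])  # first 2 chars are the salt
    raise ValueError("unsupported or malformed userPassword value")

def make_salted(scheme, password, salt):
    """Build an {SMD5}/{SSHA} value (used here to construct sample data)."""
    digest = hashlib.new(SALTED[scheme][0], password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def check_salted(value, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, salt, digest = split_user_password(value)
    if scheme not in SALTED:
        raise ValueError("not a salted digest scheme: " + scheme)
    recomputed = hashlib.new(SALTED[scheme][0], candidate.encode() + salt).digest()
    return hmac.compare_digest(recomputed, digest)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    samples = [make_salted("SSHA", "example-password", b"\x01\x02\x03\x04"),
               "{CRYPT}$1$abcdefgh$" + "x" * 22, "{CRYPT}ab" + "x" * 11]
    for value in samples:
        print(split_user_password(value)[:2])
    print(check_salted(samples[0], "example-password"))
```

When authentication is done with an LDAP bind, the server performs this comparison itself and the client needs no read access to userPassword.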

