[horde] Horde LDAP Authentication
Berk Gulenler
gulenler at boun.edu.tr
Wed Jan 12 21:36:21 UTC 2011
> On Wed, 12 Jan 2011, Berk Gulenler wrote:
>
>>>>>> Hi, I am using LDAP server as an authentication backend.
>>>>>> userPassword field of my records in LDAP server is hashed with
>>>>>> des or md5.
>>>>>> Is there any way to get salt from LDAP server? from userPassword
>>>>>> field? I think getSalt function in Auth.php is doing something
>>>>>> else. And also ldap.php.
>>>>>
>>>>> No, getSalt() is what you are looking for, though it doesn't work
>>>>> directly on the LDAP server, so you need to retrieve the password
>>>>> hash first.
>>>> You mean this is not Horde doing right now. Is it possible to
>>>> extend the authentication module like this? as a new enhancement?
>>>
>>> No, why? It's all there, you just need to use one after the other.
>> How can I?
>>
>> I don't want to insert my code into Horde. By that way updating Horde
>> will be impossible. I am trying to find a way to fully integrate
>> Horde system with Qmail-Ldap. First part is integrating
>> authentication. I'm keeping my users' account passwords hashed, not
>> plain text. That's why users can't bind to ldap server. Of course
>> there is another way, keeping users' passwords plain text (which is
>> not a secure way to keep) and securing passwords with TLS connection.
>
> If you are performing an LDAP bind operation, why does it matter which
> format your LDAP server stores the userPassword in?
I want to authenticate myself. For authentication I need to access the
userPassword field which will be my salt string to hash my password in
the right way which is in LDAP server that I can't reach (bind). It is
like a weird loop. :)
>
> Does Horde need read access to the userPassword attribute, or is it
> performing an LDAP bind operation?
>
> Andy
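
What the thread's "retrieve the password hash first" step involves, shown as an added example (not code from Horde or from anyone in this thread): the salt is stored inside the userPassword value itself, so a client that can read the attribute recovers it from there, while a simple bind leaves this comparison to the server. The function name `verify_user_password` and the sample values are constructed for illustration, and the `{SCHEME}` prefixes assume the usual RFC 2307 style of userPassword storage.

```php
<?php
// Added example, not Horde code. verify_user_password() is a hypothetical name.
function verify_user_password(string $candidate, string $stored): bool
{
    // RFC 2307 style value: "{SCHEME}data". Anything else is rejected here.
    if (!preg_match('/^\{([A-Za-z0-9-]+)\}(.+)$/s', $stored, $m)) {
        return false;
    }
    $scheme = strtoupper($m[1]);
    $data = $m[2];

    if ($scheme === 'CRYPT') {
        // DES crypt keeps the salt in the first two characters, MD5 crypt in
        // "$1$salt$"; crypt() reads it back out of the stored hash.
        return hash_equals($data, crypt($candidate, $data));
    }

    // Hash algorithm, digest length in bytes, and whether a salt follows it.
    $schemes = [
        'MD5'  => ['md5', 16, false],
        'SMD5' => ['md5', 16, true],
        'SHA'  => ['sha1', 20, false],
        'SSHA' => ['sha1', 20, true],
    ];
    if (!isset($schemes[$scheme])) {
        return false; // unknown scheme: fail closed
    }
    [$algo, $len, $salted] = $schemes[$scheme];

    $raw = base64_decode($data, true);
    if ($raw === false || strlen($raw) < $len || (!$salted && strlen($raw) !== $len)) {
        return false;
    }
    $digest = substr($raw, 0, $len);
    $salt = substr($raw, $len); // empty for the unsalted schemes
    return hash_equals($digest, hash($algo, $candidate . $salt, true));
}

// Constructed sample values (generated here, not taken from any directory).
$salt = random_bytes(4);
$samples = [
    '{CRYPT}' . crypt('secret', 'ab'),           // DES crypt
    '{CRYPT}' . crypt('secret', '$1$abcdefgh$'), // MD5 crypt
    '{SMD5}' . base64_encode(md5('secret' . $salt, true) . $salt),
];
foreach ($samples as $stored) {
    var_dump(verify_user_password('secret', $stored));
    var_dump(verify_user_password('wrong', $stored));
}
```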