[horde] [Horde]LDAP auth problems

Nicolas Torres carlos.torres at globant.com
Fri Oct 28 17:36:57 UTC 2011


If you are planning to use *only* that domain, you can specify that branch of
the LDAP tree as the base DN.

Anyway, I think you should check the username.
The log says "FAILED LOGIN for *user at domain.ro*",

but you are talking about test at mydomain.com.
Remember to enter the username with the full domain in the authentication
page.

And in the config you have:  *$conf['ldap']['bindas'] = 'user';*
I have  *$conf['ldap']['bindas'] = 'admin';*

It's not that important, but make sure your LDAP server configuration permits
the bind mode you choose.

Could you describe your environment?  (Linux, OpenLdap, Dovecot, Mysql,
PostFix)?

I hope it helps...

2011/10/28 Stefan Dinescu <stefan.dinescu.m at gmail.com>

> Hy,
>
> I was given the task of setting up LDAP authentication for Horde, but I
> can't get it to work. I have been stuck for the last 2 days and Google isn't
> very useful this time. Here is my horde/config/conf.php:
>
> <?php
> /* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
> // $Id: 234c6a25837ade4d777c5c597115ea0b46715ba5 $
> $conf['vhosts'] = false; // Quoted Horde conf.php from the post; every NOTE(review) comment is a reviewer annotation, not part of the posted file
> $conf['debug_level'] = E_ALL & ~E_NOTICE;
> $conf['max_exec_time'] = 0;
> $conf['compress_pages'] = true;
> $conf['secret_key'] = '4ea809c4-d184-465e-b4b5-6743855c3b2a'; // NOTE(review): if this is the live key it is now public in a list archive; regenerate it and redact secrets before posting a config
> $conf['umask'] = 077;
> $conf['testdisable'] = false;
> $conf['use_ssl'] = 2; // NOTE(review): confirm which SSL mode 2 selects in this Horde version; the login page should only be reachable over HTTPS
> $conf['server']['name'] = $_SERVER['SERVER_NAME'];
> $conf['urls']['token_lifetime'] = 30;
> $conf['urls']['hmac_lifetime'] = 30;
> $conf['urls']['pretty'] = false;
> $conf['safe_ips'] = array();
> $conf['session']['name'] = 'Horde';
> $conf['session']['use_only_cookies'] = true;
> $conf['session']['cache_limiter'] = 'nocache';
> $conf['session']['timeout'] = 0; // NOTE(review): presumably 0 disables the session timeout; confirm that is intended
> $conf['cookie']['domain'] = $_SERVER['SERVER_NAME']; // NOTE(review): SERVER_NAME may follow the request Host header depending on web server settings; verify it is pinned
> $conf['cookie']['path'] = '/';
> $conf['sql']['persistent'] = false;
> $conf['sql']['username'] = 'sqluser';
> $conf['sql']['password'] = 'sqlpass'; // NOTE(review): database credential posted with the config; change it if it is the real one
> $conf['sql']['hostspec'] = 'localhost';
> $conf['sql']['port'] = 3306;
> $conf['sql']['protocol'] = 'tcp';
> $conf['sql']['database'] = 'horde';
> $conf['sql']['charset'] = 'utf-8';
> $conf['sql']['ssl'] = false;
> $conf['sql']['splitread'] = false;
> $conf['sql']['phptype'] = 'mysql';
> $conf['ldap']['hostspec'] = '192.168.0.20';
> $conf['ldap']['port'] = 389;
> $conf['ldap']['tls'] = false; // NOTE(review): with tls false on port 389 the bind DN, bind password and user passwords presumably cross the network unencrypted; prefer StartTLS or LDAPS
> $conf['ldap']['version'] = 3;
> $conf['ldap']['user']['binddn'] = 'cn=admin
> 1,ou=Administrators,ou=mail,o=company';
> $conf['ldap']['user']['bindpw'] = 'password1'; // NOTE(review): bind password for an entry under ou=Administrators, kept in clear and posted; rotate it if real and consider a read-only search account instead
> $conf['ldap']['user']['uid'] = 'uid';
> $conf['ldap']['user']['objectclass'] = array('*'); // NOTE(review): presumably yields a wildcard objectclass filter that matches every entry under the base DN; confirm
> $conf['ldap']['user']['filter_type'] = 'objectclass';
> $conf['ldap']['bindas'] = 'user'; // NOTE(review): bind mode is user although an admin binddn and bindpw are set above; confirm which identity the LDAP search actually runs as
> $conf['ldap']['useldap'] = true;
> $conf['auth']['admins'] = array('test at gogu.com'); // NOTE(review): Horde admin rights are granted to what looks like a test account; confirm it is not left in place in production
> $conf['auth']['checkip'] = true;
> $conf['auth']['checkbrowser'] = true;
> $conf['auth']['alternate_login'] = false;
> $conf['auth']['redirect_on_logout'] = false;
> $conf['auth']['list_users'] = 'list';
> $conf['auth']['params']['basedn'] = 'ou=vpopmail,ou=mail,o=company';
> $conf['auth']['params']['scope'] = 'sub';
> $conf['auth']['params']['ad'] = false;
> $conf['auth']['params']['uid'] = 'uid';
> $conf['auth']['params']['encryption'] = 'plain'; // NOTE(review): presumably passwords are handled unhashed, matching the post saying the password is set as clear; prefer a salted hash scheme the directory supports
> $conf['auth']['params']['newuser_objectclass'] =
> array('shadowAccount', 'inetOrgPerson');
> $conf['auth']['params']['filter'] = '(objectclass=shadowAccount)';
> $conf['auth']['params']['password_expiration'] = 'no';
> $conf['auth']['params']['driverconfig'] = 'horde';
> $conf['auth']['driver'] = 'ldap';
> $conf['auth']['params']['count_bad_logins'] = false;
> $conf['auth']['params']['login_block'] = false; // NOTE(review): bad-login counting and login blocking are both off, so presumably nothing in this config throttles password guessing
> $conf['auth']['params']['login_block_count'] = 5;
> $conf['auth']['params']['login_block_time'] = 5;
> $conf['nobase64_img'] = false;
> $conf['signup']['allow'] = false;
> $conf['log']['priority'] = 'DEBUG'; // NOTE(review): lower this once troubleshooting is done; the log excerpt in the post shows usernames and client IPs being recorded
> $conf['log']['ident'] = 'HORDE_NEW';
> $conf['log']['name'] = '/tmp/log_stefan.log'; // NOTE(review): log file lives in /tmp; move it to a directory only the web server user can read
> $conf['log']['type'] = 'file';
> $conf['log']['enabled'] = true;
> $conf['log_accesskeys'] = false;
> $conf['prefs']['params']['driverconfig'] = 'horde';
> $conf['prefs']['driver'] = 'Sql';
> $conf['alarms']['params']['driverconfig'] = 'horde';
> $conf['alarms']['params']['ttl'] = 300;
> $conf['alarms']['driver'] = 'Sql';
> $conf['datatree']['driver'] = 'null';
> $conf['group']['driverconfig'] = 'horde';
> $conf['group']['driver'] = 'Sql';
> $conf['group']['cache'] = false;
> $conf['perms']['driverconfig'] = 'horde';
> $conf['perms']['driver'] = 'Sql';
> $conf['share']['no_sharing'] = false;
> $conf['share']['auto_create'] = true;
> $conf['share']['world'] = true;
> $conf['share']['any_group'] = false;
> $conf['share']['hidden'] = false;
> $conf['share']['cache'] = false;
> $conf['share']['driver'] = 'Sqlng';
> $conf['cache']['default_lifetime'] = 86400;
> $conf['cache']['params']['sub'] = 0;
> $conf['cache']['driver'] = 'File';
> $conf['cache']['compress'] = true;
> $conf['cache']['use_memorycache'] = '';
> $conf['cachecss'] = false;
> $conf['cachejs'] = false;
> $conf['cachethemes'] = false;
> $conf['lock']['params']['driverconfig'] = 'horde';
> $conf['lock']['driver'] = 'Sql';
> $conf['token']['params']['driverconfig'] = 'horde';
> $conf['token']['driver'] = 'Sql';
> $conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail';
> $conf['mailer']['params']['sendmail_args'] = '-oi';
> $conf['mailer']['type'] = 'sendmail';
> $conf['mailformat']['brokenrfc2231'] = false;
> $conf['vfs']['params']['driverconfig'] = 'horde';
> $conf['vfs']['type'] = 'Sql';
> $conf['sessionhandler']['type'] = 'Builtin';
> $conf['sessionhandler']['memcache'] = false;
> $conf['spell']['driver'] = '';
> $conf['gnupg']['keyserver'] = array('pool.sks-keyservers.net');
> $conf['gnupg']['timeout'] = 10;
> $conf['image']['driver'] = false;
> $conf['exif']['driver'] = 'Bundled';
> $conf['problems']['email'] = 'webmaster at company.com';
> $conf['problems']['maildomain'] = 'example.com';
> $conf['problems']['tickets'] = false;
> $conf['problems']['attachments'] = true;
> $conf['menu']['apps'] = array();
> $conf['menu']['always'] = true;
> $conf['menu']['links']['help'] = 'all';
> $conf['menu']['links']['prefs'] = 'authenticated';
> $conf['menu']['links']['problem'] = 'all';
> $conf['menu']['links']['login'] = 'all';
> $conf['menu']['links']['logout'] = 'authenticated';
> $conf['portal']['fixed_blocks'] = array();
> $conf['accounts']['driver'] = 'null';
> $conf['user']['verify_from_addr'] = false;
> $conf['user']['select_view'] = true;
> $conf['facebook']['enabled'] = false;
> $conf['twitter']['enabled'] = false;
> $conf['urlshortener'] = false;
> $conf['imsp']['enabled'] = false;
> $conf['kolab']['enabled'] = false;
> $conf['memcache']['enabled'] = false;
> $conf['activesync']['state']['params']['devicetable'] =
> 'horde_activesync_device';
> $conf['activesync']['state']['params']['statetable'] =
> 'horde_activesync_state';
> $conf['activesync']['state']['params']['maptable'] =
> 'horde_activesync_map';
> $conf['activesync']['state']['params']['userstable'] =
> 'horde_activesync_device_users';
> $conf['activesync']['logging']['type'] = 'horde';
> $conf['activesync']['ping']['heartbeatmin'] = 60;
> $conf['activesync']['ping']['heartbeatmax'] = 2700;
> $conf['activesync']['ping']['heartbeatdefault'] = 480;
> $conf['activesync']['ping']['deviceping'] = true;
> $conf['activesync']['ping']['waitinterval'] = 5;
> $conf['activesync']['securitypolicies']['pin'] = false;
> $conf['activesync']['securitypolicies']['provisioning'] = 'loose';
> $conf['activesync']['enabled'] = true; // NOTE(review): ActiveSync is enabled with pin false and provisioning loose; confirm that matches the device policy you need
> /* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
>
>
> in the log i configured i get the error:
>
> DEBUG: HORDE_NEW Horde_Registry: retrieved app with cache ID
> horde_registry|app|1319635717|d619fb0bf369527e6bcef7f81be1b848 [pid
> 23644 on line 1702 of "/usr/local/lib/php/Horde/Registry.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW Load config file
> (hooks.php; app: imp) [pid 23644 on line 865 of
> "/usr/local/lib/php/Horde.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [imp] Load config file
> (conf.php; app: imp) [pid 23644 on line 865 of
> "/usr/local/lib/php/Horde.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [imp] Load config file
> (backends.php; app: imp) [pid 23644 on line 865 of
> "/usr/local/lib/php/Horde.php"]
> 2011-10-28T11:39:41+03:00 ERR: HORDE_NEW [horde] FAILED LOGIN for
> user at domain.ro [193.232.101.89] to Horde [pid 23644 on line 182 of
> "/usr/local/apache2/htdocs/hordenew/login.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [horde] Load config file
> (nls.php; app: horde) [pid 23644 on line 865 of
> "/usr/local/lib/php/Horde.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [horde] Login failed
> because your username or password was entered incorrectly. [pid 23644
> on line 27 of
> "/usr/local/lib/php/Horde/Core/Notification/Handler/Decorator/Hordelog.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [horde] SQL  (0.0004s)
>     SELECT alarm_id, alarm_uid, alarm_start, alarm_end, alarm_methods,
>       alarm_params, alarm_title, alarm_text, alarm_snooze, alarm_internal
>       FROM horde_alarms WHERE alarm_dismissed = 0 AND ((alarm_snooze IS
> NULL
>       AND alarm_start <= '2011-10-28T08:39:41') OR alarm_snooze <=
>       '2011-10-28T08:39:41') AND (alarm_end IS NULL OR alarm_end >=
>       '2011-10-28T08:39:41') AND (alarm_uid IS NULL OR alarm_uid = '' OR
>       alarm_uid = '') ORDER BY alarm_start, alarm_end [pid 23644 on
> line 803 of "/usr/local/lib/php/Horde/Db/Adapter/Base.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [horde] Load config file
> (motd.php; app: horde) [pid 23644 on line 865 of
> "/usr/local/lib/php/Horde.php"]
> 2011-10-28T11:39:41+03:00 DEBUG: HORDE_NEW [horde] Max memory usage:
> 9699328 bytes [pid 23644 on line 475 of
> "/usr/local/lib/php/Horde/Registry.php"]
>
> When i log into the ldap directory it says: Logged in as: cn=admin
> 1,ou=Administrators,ou=mail,o=company
>
> I am pretty new to this job, and my knowledge of LDAP is pretty limited.
>
> In the 'ou=vpopmail,ou=mail,o=company' subtree I have about 100 domains.
> I am trying to log in as test at mydomain.com.
> It is located at:
>
> uid=test at mydomain.com,ou=mydomain.com,ou=vpopmail,ou=mail,o=company
>
> the info on this user is:
> dn uid=test at mydomain.com,ou=mydomain.com,ou=vpopmail,ou=mail,o=company
> uid test at mydomain.com
> sn test
> cn test
>
> the password is set as clear
>
> thanks
>
>
>
> --
> Stefan DINESCU
>
> Advertising Manager
> BOS - Business Organization for Students
> Business is fun!
>
> 0744684881
> stefan.dinescu.m at gmail.com
> stefan.dinescu at cti.pub.ro
> stefan_1414 at yahoo.com
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>



-- 
 <http://www.globant.com/> *Nicolas Torres*

AR: +54 11 4109 1700 ext. 7646
carlos.torres at globant.com

