[horde] [Horde]LDAP auth problems

geoffroy desvernay dgeo at centrale-marseille.fr
Mon Nov 21 10:46:13 UTC 2011


Hi.

Re-using this thread as I may have found a bug in Auth_Ldap tha may be 
linked with this case:

After some time debugging with Horde-4.0.11, it seems that with
$conf['ldap']['bindas'] = 'user';

The config interface fills
$conf['ldap']['user']['binddn']
$conf['ldap']['user']['bindpw']

And those are never user (horde binds anonymously to fins user's DN and 
fails)

If i manually change the config, filling $conf['ldap']['binddn'] instead 
of $conf['ldap']['user']['binddn'], I can log in.

(Not tested if user's DN is then used, or if this binddn/pw couple is 
used all the time)

I don't know what needs correction: config interface only, or 
_bind(dn,pass) explicitly in findUserDN() ?

HTH,

dgeo

On 28.10.2011 19:36, Nicolas Torres wrote:
> If you ar planning to use *only* that domain, you can specify that branch of
> the LDAP tree as base DN.
>
> Anyway I think you should check  the username.
> Here it says "FAILED LOGIN for *user at domain.ro*"
>
> and you are talking about test at mydomain.com
> Remember to enter the username with the full domain in the authentication
> page.
>
> And in the config you have:  *$conf['ldap']['bindas'] = 'user';*
> I have  *$conf['ldap']['bindas'] = 'admin';*
>
> It's not that important but make sure your LDAP server configuration permits
> it.
>
> Could you describe your environment?  (Linux, OpenLdap, Dovecot, Mysql,
> PostFix)?
>
> I hope it helps...
>
> 2011/10/28 Stefan Dinescu<stefan.dinescu.m at gmail.com>
>
>> Hy,
>>
>> I was given a task to make a LDAP authentification for horde, but i
>> can't get it to work. I am stuck for the last 2 days and google isn't
>> very useful this time. Here is my horde/config/conf.php
>>
>> $conf['ldap']['user']['binddn'] = 'cn=admin
>> 1,ou=Administrators,ou=mail,o=company';
>> $conf['ldap']['user']['bindpw'] = 'password1';
>> $conf['ldap']['user']['uid'] = 'uid';
>> $conf['ldap']['user']['objectclass'] = array('*');
>> $conf['ldap']['user']['filter_type'] = 'objectclass';
>> $conf['ldap']['bindas'] = 'user';
>> $conf['ldap']['useldap'] = true;


-- 
*geoffroy desvernay*
C.R.I - Administration systèmes et réseaux
Ecole Centrale de Marseille



More information about the horde mailing list