[horde] Fwd: create ldap accounts with horde4 admin UI

Jan Schneider jan at horde.org
Sat Mar 17 16:56:30 UTC 2012


Keep things on the mailing list! Please.

----- Forwarded message from wodel youchi <wodel_doom at yahoo.fr> -----
    Date: Fri, 16 Mar 2012 21:26:11 +0000 (GMT)
    From: wodel youchi <wodel_doom at yahoo.fr>
Reply-To: wodel youchi <wodel_doom at yahoo.fr>
 Subject: Re : [horde] create ldap accounts with horde4 admin UI
      To: Jan Schneider <jan at horde.org>

Hi,

Could someone tell me if what I did to create LDAP accounts via
Horde 4's admin UI is safe?
Or does anyone have a better idea?


thanks



________________________________
From: wodel youchi <wodel_doom at yahoo.fr>
To: Jan Schneider <jan at horde.org>
Sent: Wednesday, 29 February 2012 17:01
Subject: Re : [horde] create ldap accounts with horde4 admin UI


Hi,

I've managed to create LDAP accounts via Horde 4's admin UI by doing this:

In horde/config/hook.php:
    public function preauthenticate($userId, $credentials)
    {
        if ($credentials['authMethod'] == 'admin') {
            // Create account: build the LDAP entry that is handed on to
            // the addUser() function (patched below).
            $entry = array(
                // Marker that the patched addUser() checks for.
                'ldap' => 'ldap',
                'dn' => 'uid=' . $userId . ',ou=people,dc=exemple,dc=com',
                'cn' => isset($credentials['user_fullname'])
                    ? $credentials['user_fullname']
                    : $userId,
                'sn' => $userId,
                'objectclass' => array(
                    'top',
                    'person',
                    'qmailuser',
                    'inetOrgPerson',
                    'posixAccount',
                    'shadowAccount',
                    'organizationalPerson'
                ),
                'mailhost' => 'mail.wodel.wd',
                'mailMessageStore' => '/var/vmail/' . $userId,
                'homeDirectory' => '/var/vmail/' . $userId,
                'uid' => $userId,
                'accountStatus' => 'yes',
                'mailQuotaSize' => '30720',
                'mail' => $userId . '@exemple.com',
                'gidNumber' => 1000,
            );

            $ldapServer = '127.0.0.1';
            $ldapPort = '389';
            $binddn = 'cn=admin,dc=exemple,dc=com';
            $bindpw = 'password';
            $searchBase = 'dc=exemple,dc=com';

            // uidNumber allocation: read the cn=NextFreeUnixId counter
            // entry, then write it back incremented (two separate
            // operations, with errors suppressed by @).
            if (isset($credentials)) {
                $ds = @ldap_connect($ldapServer, $ldapPort);
                if (@ldap_bind($ds, $binddn, $bindpw)) {
                    $searchResult = @ldap_search($ds, $searchBase, 'cn=NextFreeUnixId');
                    $information = @ldap_get_entries($ds, $searchResult);
                    // ldap_get_entries() returns array('count' => 0) when
                    // nothing matched, so test the count as well.
                    if ($information && $information['count'] > 0) {
                        ldap_modify(
                            $ds,
                            'cn=NextFreeUnixId,dc=exemple,dc=com',
                            array('uidnumber' => $information[0]['uidnumber'][0] + 1)
                        );
                        $entry['uidNumber'] = $information[0]['uidnumber'][0];
                    }
                    @ldap_close($ds);
                }
            }

            // userPassword in the unsalted {SHA} scheme: base64 of the
            // raw SHA-1 digest of the password.
            if (isset($credentials['password'])) {
                $entry['userPassword'] = '{SHA}' .
                    base64_encode(pack('H*', sha1($credentials['password'])));
            } elseif (isset($credentials['user_pass_2'])) {
                $entry['userPassword'] = '{SHA}' .
                    base64_encode(pack('H*', sha1($credentials['user_pass_2'])));
            }

            return array(
                'userId' => $userId,
                'credentials' => $entry
            );

        } elseif ($credentials['authMethod'] == 'transparent') {
            // just for test
            print('TRANSPARENT');
            // connection or disconnection

        } elseif ($credentials['authMethod'] == 'authenticate') {
            // just for test
            print('AUTHENTICATE');
            // authentication
        } else {
            // just for test
            print('OTHER');
        }
    }


in /usr/share/pear/Horde/Auth/Ldap.php I added this to the addUser function


    public function addUser($userId, $credentials)
    {
        if (!empty($this->_params['ad'])) {
            throw new Horde_Auth_Exception(__CLASS__ . ': Adding users is not supported for Active Directory.');
        }

        if (isset($credentials['ldap'])) {

            $entry = array();
            $entry = $credentials;
            $dn = $entry['dn'];

            /* added by me */
            /* Remove the ldap entry from the array. */

            /* Remove the dn entry from the array. */
            unset($entry['dn']);
            unset($entry['ldap']);

        } else {


    // THE REST OF THE FUNCTION


    }


I don't know if this will not break something somewhere!!!


thanks



________________________________
From: Jan Schneider <jan at horde.org>
To: horde at lists.horde.org
Sent: Tuesday, 28 February 2012 13:05
Subject: Re: [horde] create ldap accounts with horde4 admin UI


Quoting wodel youchi <wodel_doom at yahoo.fr>:

> Hi,
>
> I've installed Horde4 with Imp, Turba and Password.
>
> My authentication is made against openLDAP, and I want to be able to  
> create accounts via the horde admin UI, I've made such configuration  
> in Horde3 with the custom function hooks, but now I am unable to do  
> so in Horde4, I've tried modifying the function preauthenticate in
> hook.php file, but with no luck.

And what is your question? Without more detailed information what  
exactly you tried, what worked and what didn't, there isn't much how  
we could help you.

Jan.

-- 
The Horde Project
http://www.horde.org/


-- 
Horde mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org

----- End of forwarded message -----
-- 
The Horde Project
http://www.horde.org/
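
An added example, not part of the thread and not Horde code: the hook in the forwarded message concatenates $userId into the DN, the mail address and the mailbox path, and stores an unsalted {SHA} hash. One way to build those values with an allowlisted uid, RFC 4514 DN escaping and a salted {SSHA} hash; the function names are hypothetical and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example; function names are hypothetical, not Horde API.
// Accept only a conservative uid alphabet, so the value is also safe in the
// mail address and the /var/vmail/<uid> path built from it.
function validate_uid(string $uid): string
{
    if (!preg_match('/\A[a-z][a-z0-9._-]{0,31}\z/', $uid)) {
        throw new InvalidArgumentException('uid not allowed');
    }
    return $uid;
}

// Hex-escape RFC 4514 specials, NUL, a leading space or '#', a trailing space.
function escape_dn_value(string $value): string
{
    return preg_replace_callback(
        '/[,+"\\\\<>;=\x00]|\A[ #]| \z/',
        function ($m) { return '\\' . bin2hex($m[0]); },
        $value
    );
}

// {SSHA}: base64(SHA-1(password . salt) . salt), with a fresh random salt.
function ssha_hash(string $password): string
{
    $salt = random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

function build_entry(string $userId, string $password): array
{
    $uid = validate_uid($userId);
    return array(
        'dn' => 'uid=' . escape_dn_value($uid) . ',ou=people,dc=exemple,dc=com',
        'uid' => $uid,
        'mail' => $uid . '@exemple.com',
        'homeDirectory' => '/var/vmail/' . $uid,
        'userPassword' => ssha_hash($password),
    );
}

// Constructed inputs: an ordinary uid and one containing a DN separator.
foreach (array('alice', 'jane,doe') as $candidate) {
    try {
        echo build_entry($candidate, 'constructed-password')['dn'], "\n";
    } catch (InvalidArgumentException $ex) {
        echo 'rejected; escaped form would be uid=', escape_dn_value($candidate), "\n";
    }
}
```

The allowlist is what protects the mail address and the path; the DN escaping is a second layer for the one place where the value is parsed as LDAP syntax.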



