[horde] Fwd: create ldap accounts with horde4 admin UI

Sat Mar 17 16:56:30 UTC 2012

Keep things on the mailing list! Please.

----- Weitergeleitete Nachricht von wodel youchi <wodel_doom at yahoo.fr> -----
      Datum: Fri, 16 Mar 2012 21:26:11 +0000 (GMT)
        Von: wodel youchi <wodel_doom at yahoo.fr>
Antwort an: wodel youchi <wodel_doom at yahoo.fr>
    Betreff: Re : [horde] create ldap accounts with horde4 admin UI
         An: Jan Schneider <jan at horde.org>

Hi,

could some one tell me, if what I did to create ldap accounts via the  
horde's 4 admin UI is safe? 
or does any one have a better idea!!!?

thanks

________________________________
  De : wodel youchi <wodel_doom at yahoo.fr>
À : Jan Schneider <jan at horde.org>
Envoyé le : Mercredi 29 février 2012 17h01
Objet : Re : [horde] create ldap accounts with horde4 admin UI

Hi,

I've managed to create ldap accounts via horde's 4 admin UI, by doing this:

in horde/config/hook.php
 public function preauthenticate($userId, $credentials)
    {
           if($credentials['authMethod'] == 'admin'){
                 // create account
                $entry = array(
                        'ldap' =>
  'ldap',
                        'dn' => 'uid=' . $userId .  
',ou=people,dc=exemple,dc=com',
                        'cn' => isset($credentials['user_fullname']) ?  
$credentials['user_fullname'] : $userId,
                        'sn' => $userId,
                        'objectclass' => array(

  'top',
                        'person',
                        'qmailuser',
                        'inetOrgPerson',
                        'posixAccount',
                        'shadowAccount',

  'organizationalPerson'
                            ),
                    'mailhost' => 'mail.wodel.wd',
                    'mailMessageStore' => '/var/vmail/' . $userId,
                    'homeDirectory' => '/var/vmail/' . $userId,
                    'uid' => $userId,
                    'accountStatus' =>
  'yes',
                    'mailQuotaSize' => '30720',
                    'mail' => $userId . '@exemple.com',
                    'gidNumber' => 1000,
                );

                $ldapServer = '127.0.0.1';
                $ldapPort = '389';
                $binddn =
  'cn=admin,dc=exemple,dc=com';
                $bindpw = 'password';
                $searchBase = 'dc=exemple,dc=com';

                if (isset($credentials)) {
                        $ds = @ldap_connect($ldapServer, $ldapPort);
                                if (@ldap_bind($ds, $binddn, $bindpw)) {

                $searchResult = @ldap_search($ds, $searchBase,  
'cn=NextFreeUnixId');
                                          if ($information =  
@ldap_get_entries($ds, $searchResult)) {

ldap_modify($ds, 'cn=NextFreeUnixId,dc=exemple,dc=com',  
array('uidnumber' => $information[0]['uidnumber'][0] +
  1));

$entry['uidNumber'] = $information[0]['uidnumber'][0];
                                          }

  @ldap_close($ds);
                        }                       
                }

                if (isset($credentials['password'])) {
                        $entry['userPassword'] = '{SHA}' .  
base64_encode(pack('H*', sha1($credentials['password'])));
                } elseif (isset($credentials['user_pass_2']))
  {
                    $entry['userPassword'] = '{SHA}' .  
base64_encode(pack('H*', sha1($credentials['user_pass_2'])));
                }

                return array(
                    'userId' => $userId,
                    'credentials' => $entry
                );

        } elseif($credentials['authMethod'] == 'transparent')
  {
                // just for test
                 print('TRANSPARENT');
                // connection or deconnexion

        } elseif($credentials['authMethod'] == 'authenticate') {
                // just for test

  print('AUTHENTICATE');
                // authentication
        } else {
                // just for test
                print('OTHER');               
        }
}

in /usr/share/pear/Horde/Auth/Ldap.php I added this to the addUser function

public function addUser($userId, $credentials)

  {
        if (!empty($this->_params['ad'])) {
            throw new Horde_Auth_Exception(__CLASS__ . ': Adding users  
is not supported for Active Directory.');
        }

        if (isset($credentials['ldap'])) {

            $entry = array();
            $entry = $credentials;
            $dn = $entry['dn'];

            /* added by me*/
            /* Remove the ldap entry from the array.
  */

            /* Remove the dn entry from the array. */
            unset($entry['dn']);
            unset($entry['ldap']);

        } else {

// THE REST OF THE FUNCTION

}

I don't know if this will not break something somewhere!!!

thanks

________________________________
  De : Jan Schneider <jan at horde.org>
À : horde at lists.horde.org
Envoyé le : Mardi 28 février 2012 13h05
Objet : Re: [horde] create ldap accounts with horde4 admin UI

Zitat von wodel youchi <wodel_doom at yahoo.fr>:

> Hi,
>
> I've installed Horde4 with Imp, Turba and Password.
>
> My authentication is made against openLDAP, and I want to be able to  
> create accounts via the horde admin UI, I've made such configuration  
> in Horde3 with the custom function hooks, but now I am unable to do  
> so in Horde4, I've tried modifying the function
  preauthenticate in hook.php file, but with no luck.

And what is your question? Without more detailed information what  
exactly you tried, what worked and what didn't, there isn't much how  
we could help you.

Jan.

--The Horde Project
http://www.horde.org/

--Horde mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org

----- Ende der weitergeleiteten Nachricht -----
-- 
The Horde Project
http://www.horde.org/