[horde] password with LDAP backend.

ANANT S ATHAVALE asa at isac.gov.in
Mon Mar 26 09:48:14 UTC 2012


Dear Jan,

Following is the log output.

Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 ACCEPT from IP=x.x.x.x:35895 (IP=0.0.0.0:389)
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 BIND dn="" method=128
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 RESULT tag=97 err=0 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH attr=vendorName vendorVersion namingContexts altServer supportedExtension supportedControl supportedSASLMechanisms supportedLDAPVersion subschemaSubentry
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH attr=subschemaSubentry
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH attr=attributeTypes dITContentRules dITStructureRules matchingRules matchingRuleUse nameForms objectClasses ldapSyntaxes
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 BIND dn="mailacceptinggeneralid=asa,dc=dos" method=128
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 RESULT tag=97 err=49 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=5 UNBIND
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 closed
=====

As you see above, the dn is
"mailacceptinggeneralid=asa at isac.gov.in,dc=dos".  Actually, the search
should happen for mailacceptinggeneralid=asa in the dc=dos search base,
and it should get the userDN.  The addition of the domain name is also a
problem.  I can manage with that by enabling the user to change the user
name temporarily.

Following is the backends.local.php

$backends['ldapadmin'] = array(
     'disabled' => true,
     'name' => 'LDAP Server with Admin Bindings',
     'preferred' => '',
     'policy' => array(
         'minLength' => 6,
         'minNumeric' => 1,
     ),
     'driver' => 'Ldap',
     'params' => array(
         'host' => 'localhost',
         'port' => 389,
         'basedn' => 'o=example.com',
         'admindn' => 'cn=admin,o=example.com',
         'adminpw' => 'somepassword',
         // LDAP object key attribute.
         'uid' => 'uid',
         // The attribute storing the password.
         'attribute' => 'userPassword',
         // These attributes will enable shadow password policies.
         // 'shadowlastchange' => 'shadowLastChange',
         // 'shadowmin' => 'shadowMin',
         // This will be appended to the username when looking for the userdn.
         'realm' => '',
         // Use this filter when searching for the user's DN.
         'filter' => '',
         // Hash method to use when storing the password
         'encryption' => 'crypt',
         // If set, should be 0 or 1. See the LDAP documentation about the
         // corresponding parameter REFERRALS.
         // Windows 2003 Server require to set this parameter to 0
         // 'referrals' => 0,
         // Whether to enable TLS for this LDAP connection
         // Note: make sure that the host matches cn in the server certificate.
         'tls' => false
     ),
);

Regards,
ANANT.



----- Message from Jan Schneider <jan at horde.org> ---------
    Date: Mon, 26 Mar 2012 10:07:49 +0200
    From: Jan Schneider <jan at horde.org>
Subject: Re: [horde] password with LDAP backend.
      To: horde at lists.horde.org


> Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
>
>> Dear List,
>>
>> There seems to be no separate mailing list for passwd. So, sending  
>> to horde list.
>>
>> I found that change password does not work with the LDAP backend.  I
>> get the following error: Bind failed: Invalid credentials.
>>
>> As per the LDAP logs, the userdn is not getting set properly, i.e.
>> the userdn is not correct.  I am using Passwd 4.0.1.  I think
>> FinduserDN is not giving correct output.  I am currently not using
>> any hooks.
>>
>> Can anybody give an update on this?  If you want any more inputs,
>> please let me know.
>
> How about telling us *what* is not correct with the DN?
>
> Jan.
>
> -- 
> The Horde Project
> http://www.horde.org/


----- End message from Jan Schneider <jan at horde.org> -----


-- 
Anant S Athavale,
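
The symptom described in this message (a bind with a DN the client built itself, rejected with err=49, with no earlier search under the base for the user's entry) can be read directly from the slapd log. The Python sketch below is an added example, not part of the original post or of Horde's code; the function names and the conn=2001 lines are constructed for illustration.

```python
import re
from collections import defaultdict

REC = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) (.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Constructed sample: conn=1039 follows the log in the post (timestamps dropped);
# conn=2001 is invented here to show a client that searches before binding.
SAMPLE = '''\
slapd[23224]: conn=1039 op=0 BIND dn="" method=128
slapd[23224]: conn=1039 op=0 RESULT tag=97 err=0 text=
slapd[23224]: conn=1039 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[23224]: conn=1039 op=3 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
slapd[23224]: conn=1039 op=4 BIND dn="mailacceptinggeneralid=asa,dc=dos" method=128
slapd[23224]: conn=1039 op=4 RESULT tag=97 err=49 text=
slapd[23224]: conn=2001 op=1 SRCH base="dc=dos" scope=2 deref=0 filter="(mailacceptinggeneralid=asa)"
slapd[23224]: conn=2001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[23224]: conn=2001 op=2 BIND dn="uid=asa,ou=people,dc=dos" method=128
slapd[23224]: conn=2001 op=2 RESULT tag=97 err=49 text=
'''.splitlines()

def parse(lines):
    """Merge each BIND/SRCH line and its RESULT into one record per (conn, op)."""
    conns = defaultdict(lambda: defaultdict(dict))
    for line in lines:
        m = REC.search(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        rec = conns[int(conn)][int(op)]
        if 'RESULT' not in verb:
            rec['verb'] = verb
        rec.update((k, v.strip('"')) for k, v in KV.findall(rest))
    return conns

def failed_binds(lines):
    """Return (conn, dn, looked_up) per non-anonymous bind rejected with err=49.
    looked_up: an earlier search on that connection used a base containing the DN."""
    out = []
    for conn, ops in sorted(parse(lines).items()):
        for op, rec in sorted(ops.items()):
            if rec.get('verb') != 'BIND' or not rec.get('dn') or rec.get('err') != '49':
                continue
            dn = rec['dn'].lower()
            looked_up = any(
                r.get('verb') == 'SRCH' and r.get('base') and dn.endswith(',' + r['base'].lower())
                for o, r in ops.items() if o < op)
            out.append((conn, rec['dn'], looked_up))
    return out
```

A result with looked_up False points at DN construction in the client configuration; looked_up True with err=49 points at the password itself.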
