[horde] password with LDAP backend.

Jan Schneider jan at horde.org
Mon Mar 26 09:59:24 UTC 2012


Quoting ANANT S ATHAVALE <asa at isac.gov.in>:

> Dear Jan,
>
> Following is the log output.
>
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 ACCEPT from  
> IP=x.x.x.x:35895 (IP=0.0.0.0:389)
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 BIND dn="" method=128
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 RESULT  
> tag=97 err=0 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH base=""  
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH  
> attr=vendorName vendorVersion namingContexts altServer  
> supportedExtension supportedControl supportedSASLMechanisms  
> supportedLDAPVersion subschemaSubentry
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SEARCH  
> RESULT tag=101 err=0 nentries=1 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH base=""  
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH  
> attr=subschemaSubentry
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SEARCH  
> RESULT tag=101 err=0 nentries=1 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH  
> base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH  
> attr=attributeTypes dITContentRules dITStructureRules matchingRules  
> matchingRuleUse nameForms objectClasses ldapSyntaxes
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SEARCH  
> RESULT tag=101 err=0 nentries=1 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 BIND  
> dn="mailacceptinggeneralid=asa,dc=dos" method=128
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 RESULT  
> tag=97 err=49 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=5 UNBIND
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 closed
> =====
>
> As you see above, the dn is  
> "mailacceptinggeneralid=asa at isac.gov.in,dc=dos".  Actually, the  
> search should happen for mailacceptinggeneralid=asa for dc=dos  
> search base and it should get userDN.  Addition of domain name is  
> also a problem.  I can manage with that by enabling user to change  
> the user name temporarily.

What you write and what's in the log don't match. I don't follow.

> Following is the backends.local.php
>
> $backends['ldapadmin'] = array(
>     'disabled' => true,
>     'name' => 'LDAP Server with Admin Bindings',
>     'preferred' => '',
>     'policy' => array(
>         'minLength' => 6,
>         'minNumeric' => 1,
>     ),
>     'driver' => 'Ldap',
>     'params' => array(
>         'host' => 'localhost',
>         'port' => 389,
>         'basedn' => 'o=example.com',
>         'admindn' => 'cn=admin,o=example.com',
>         'adminpw' => 'somepassword',
>         // LDAP object key attribute.
>         'uid' => 'uid',
>         // The attribute storing the password.
>         'attribute' => 'userPassword',
>         // These attributes will enable shadow password policies.
>         // 'shadowlastchange' => 'shadowLastChange',
>         // 'shadowmin' => 'shadowMin',
>         // This will be appended to the username when looking for the userdn.
>         'realm' => '',
>         // Use this filter when searching for the user's DN.
>         'filter' => '',
>         // Hash method to use when storing the password
>         'encryption' => 'crypt',
>         // If set, should be 0 or 1. See the LDAP documentation about the
>         // corresponding parameter REFERRALS.
>         // Windows 2003 Server require to set this parameter to 0
>         // 'referrals' => 0,
>         // Whether to enable TLS for this LDAP connection
>         // Note: make sure that the host matches cn in the server certificate.
>         'tls' => false
>     ),
> );
>
> Regards,
> ANANT.
>
>
>
> ----- Message from Jan Schneider <jan at horde.org> ---------
>    Date: Mon, 26 Mar 2012 10:07:49 +0200
>    From: Jan Schneider <jan at horde.org>
> Subject: Re: [horde] password with LDAP backend.
>      To: horde at lists.horde.org
>
>
>> Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
>>
>>> Dear List,
>>>
>>> There seems to be no separate mailing list for passwd. So, sending  
>>> to horde list.
>>>
>>> I found that change password does not work with the LDAP backend.  I  
>>> get the following error: Bind failed: Invalid credentials.
>>>
>>> As per the LDAP logs, the userdn is not properly getting set, i.e.  
>>> userdn is not correct.  I am using Passwd 4.0.1.  I think  
>>> FinduserDN is not giving correct output.  I am currently not using  
>>> any hooks.
>>>
>>> Can anybody update on this?  If you want any more inputs, please  
>>> let me know.
>>
>> How about telling us *what* is not correct with the DN?
>>
>> Jan.
>>
>> -- 
>> The Horde Project
>> http://www.horde.org/
>>
>>
>> -- 
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
> ----- End message from Jan Schneider <jan at horde.org> -----
>
>
> -- 
> Anant S Athavale,

-- 
The Horde Project
http://www.horde.org/
