[horde] password with LDAP backend.
Jan Schneider
jan at horde.org
Mon Mar 26 09:59:24 UTC 2012
Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
> Dear Jan,
>
> Following is the log output.
>
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 ACCEPT from
> IP=x.x.x.x:35895 (IP=0.0.0.0:389)
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 BIND dn="" method=128
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 RESULT
> tag=97 err=0 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH base=""
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH
> attr=vendorName vendorVersion namingContexts altServer
> supportedExtension supportedControl supportedSASLMechanisms
> supportedLDAPVersion subschemaSubentry
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SEARCH
> RESULT tag=101 err=0 nentries=1 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH base=""
> scope=0 deref=0 filter="(objectClass=*)"
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH
> attr=subschemaSubentry
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SEARCH
> RESULT tag=101 err=0 nentries=1 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH
> base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH
> attr=attributeTypes dITContentRules dITStructureRules matchingRules
> matchingRuleUse nameForms objectClasses ldapSyntaxes
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SEARCH
> RESULT tag=101 err=0 nentries=1 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 BIND
> dn="mailacceptinggeneralid=asa,dc=dos" method=128
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 RESULT
> tag=97 err=49 text=
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=5 UNBIND
> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 closed
> =====
>
> As you see above, the dn is
> "mailacceptinggeneralid=asa at isac.gov.in,dc=dos". Actually, the
> search should happen for mailacceptinggeneralid=asa for dc=dos
> search base and it should get userDN. Addition of domain name is
> also a problem. I can manage with that by enabling user to change
> the user name temporarily.
What you write and what's in the log don't match. I don't follow.
> Following is the backends.local.php
>
> $backends['ldapadmin'] = array(
>     'disabled' => true,
>     'name' => 'LDAP Server with Admin Bindings',
>     'preferred' => '',
>     'policy' => array(
>         'minLength' => 6,
>         'minNumeric' => 1,
>     ),
>     'driver' => 'Ldap',
>     'params' => array(
>         'host' => 'localhost',
>         'port' => 389,
>         'basedn' => 'o=example.com',
>         'admindn' => 'cn=admin,o=example.com',
>         'adminpw' => 'somepassword',
>         // LDAP object key attribute.
>         'uid' => 'uid',
>         // The attribute storing the password.
>         'attribute' => 'userPassword',
>         // These attributes will enable shadow password policies.
>         // 'shadowlastchange' => 'shadowLastChange',
>         // 'shadowmin' => 'shadowMin',
>         // This will be appended to the username when looking for the userdn.
>         'realm' => '',
>         // Use this filter when searching for the user's DN.
>         'filter' => '',
>         // Hash method to use when storing the password
>         'encryption' => 'crypt',
>         // If set, should be 0 or 1. See the LDAP documentation about the
>         // corresponding parameter REFERRALS.
>         // Windows 2003 Server require to set this parameter to 0
>         // 'referrals' => 0,
>         // Whether to enable TLS for this LDAP connection
>         // Note: make sure that the host matches cn in the server
>         // certificate.
>         'tls' => false
>     ),
> );
>
> Regards,
> ANANT.
>
>
>
> ----- Message from Jan Schneider <jan at horde.org> ---------
> Date: Mon, 26 Mar 2012 10:07:49 +0200
> From: Jan Schneider <jan at horde.org>
> Subject: Re: [horde] password with LDAP backend.
> To: horde at lists.horde.org
>
>
>> Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
>>
>>> Dear List,
>>>
>>> There seems to be no separate mailing list for passwd. So, sending
>>> to horde list.
>>>
>>> I found that, change password does not work with LDAP backend. I
>>> get the following error: Bind failed: Invalid credentials.
>>>
>>> As per the ldap logs, the userdn is not properly getting set. ie.
>>> userdn is not correct. I am using Passwd 4.0.1. I think,
>>> FinduserDN is not giving correct output. I am currently not using
>>> any hooks.
>>>
>>> Can anybody update on this. If you want any more inputs, please
>>> let me know.
>>
>> How about telling us *what* is not correct with the DN?
>>
>> Jan.
>>
>> --
>> The Horde Project
>> http://www.horde.org/
>>
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
> ----- End message from Jan Schneider <jan at horde.org> -----
>
>
> --
> Anant S Athavale,
>
--
The Horde Project
http://www.horde.org/
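
Added example (not part of the original message and not Horde code): a small Python parser that pairs each BIND in a slapd log with its RESULT and, for failed binds, lists the searches that preceded it on the same connection. The sample is the log quoted above with the mail line wrapping undone and the attr lines and op=2 left out; treating a one-level or subtree search as the user-DN lookup is an assumption of this example.

```python
import re

# Subset of the slapd log quoted above, line wrapping undone.
SAMPLE_LOG = """\
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 BIND dn="" method=128
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 RESULT tag=97 err=0 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 BIND dn="mailacceptinggeneralid=asa,dc=dos" method=128
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 RESULT tag=97 err=49 text=
Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=5 UNBIND
"""

OP = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)" method=\d+')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d+)')
RESULT = re.compile(r'RESULT tag=(\d+) err=(\d+)')  # tag=97 is a bind response


def failed_binds(log_text):
    """Return one record per BIND whose RESULT carried a non-zero err."""
    pending = {}   # (conn, op) -> DN of a BIND still waiting for its RESULT
    searches = {}  # conn -> [(base, scope), ...] seen so far on that connection
    failures = []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if (b := BIND.match(rest)):
            pending[(conn, op)] = b.group(1)
        elif (s := SRCH.match(rest)):
            searches.setdefault(conn, []).append((s.group(1), int(s.group(2))))
        elif (r := RESULT.match(rest)) and r.group(1) == "97":
            dn, err = pending.pop((conn, op), None), int(r.group(2))
            if dn is not None and err != 0:
                prior = list(searches.get(conn, []))
                failures.append({
                    "conn": conn, "dn": dn, "err": err,  # 49 = invalidCredentials
                    "search_bases": [base for base, _ in prior],
                    # Assumption: a DN lookup is a search with scope 1 or 2;
                    # scope=0 reads (root DSE, schema) do not count.
                    "looked_up": any(scope != 0 for _, scope in prior),
                })
    return failures
```

On the sample this reports a single failed bind for `mailacceptinggeneralid=asa,dc=dos` with `looked_up` false: only the root DSE and `cn=Subschema` were read before the bind.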