[horde] password with LDAP backend.

ANANT S ATHAVALE asa at isac.gov.in
Mon Mar 26 10:18:43 UTC 2012


Dear Jan,

I think my understanding of the problem is not correct, and hence I am
not able to give you proper input.  But the reality is, 'I am unable to
change password' and I get the error 'Bind failed: Invalid credentials.'

Please let me know what kind of input may help to diagnose the problem.

Regards,
ANANT.


----- Message from Jan Schneider <jan at horde.org> ---------
    Date: Mon, 26 Mar 2012 11:59:24 +0200
    From: Jan Schneider <jan at horde.org>
Subject: Re: [horde] password with LDAP backend.
      To: horde at lists.horde.org


> Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
>
>> Dear Jan,
>>
>> Following is the log output.
>>
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 ACCEPT  
>> from IP=x.x.x.x:35895 (IP=0.0.0.0:389)
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 BIND dn=""  
>> method=128
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=0 RESULT  
>> tag=97 err=0 text=
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH  
>> base="" scope=0 deref=0 filter="(objectClass=*)"
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SRCH  
>> attr=vendorName vendorVersion namingContexts altServer  
>> supportedExtension supportedControl supportedSASLMechanisms  
>> supportedLDAPVersion subschemaSubentry
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=1 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH  
>> base="" scope=0 deref=0 filter="(objectClass=*)"
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SRCH  
>> attr=subschemaSubentry
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=2 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH  
>> base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SRCH  
>> attr=attributeTypes dITContentRules dITStructureRules matchingRules  
>> matchingRuleUse nameForms objectClasses ldapSyntaxes
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=3 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 BIND  
>> dn="mailacceptinggeneralid=asa,dc=dos" method=128
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=4 RESULT  
>> tag=97 err=49 text=
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 op=5 UNBIND
>> Mar 25 18:44:13 ldapmaster slapd[23224]: conn=1039 fd=14 closed
>> =====
>>
>> As you see above, the dn is  
>> "mailacceptinggeneralid=asa at isac.gov.in,dc=dos".  Actually, the  
>> search should happen for mailacceptinggeneralid=asa for dc=dos  
>> search base and it should get userDN.  Addition of domain name is  
>> also a problem.  I can manage with that by enabling user to change  
>> the user name temporarily.
>
> What you write and what's in the log doesn't match. I don't follow.
>
>> Following is the backends.local.php
>>
>> $backends['ldapadmin'] = array(
>>    'disabled' => true,
>>    'name' => 'LDAP Server with Admin Bindings',
>>    'preferred' => '',
>>    'policy' => array(
>>        'minLength' => 6,
>>        'minNumeric' => 1,
>>    ),
>>    'driver' => 'Ldap',
>>    'params' => array(
>>        'host' => 'localhost',
>>        'port' => 389,
>>        'basedn' => 'o=example.com',
>>        'admindn' => 'cn=admin,o=example.com',
>>        'adminpw' => 'somepassword',
>>        // LDAP object key attribute.
>>        'uid' => 'uid',
>>        // The attribute storing the password.
>>        'attribute' => 'userPassword',
>>        // These attributes will enable shadow password policies.
>>        // 'shadowlastchange' => 'shadowLastChange',
>>        // 'shadowmin' => 'shadowMin',
>>        // This will be appended to the username when looking for the userdn.
>>        'realm' => '',
>>        // Use this filter when searching for the user's DN.
>>        'filter' => '',
>>        // Hash method to use when storing the password
>>        'encryption' => 'crypt',
>>        // If set, should be 0 or 1. See the LDAP documentation about the
>>        // corresponding parameter REFERRALS.
>>        // Windows 2003 Server require to set this parameter to 0
>>        // 'referrals' => 0,
>>        // Whether to enable TLS for this LDAP connection
>>        // Note: make sure that the host matches cn in the server certificate.
>>        'tls' => false
>>    ),
>> );
>>
>> Regards,
>> ANANT.
>>
>>
>>
>> ----- Message from Jan Schneider <jan at horde.org> ---------
>>   Date: Mon, 26 Mar 2012 10:07:49 +0200
>>   From: Jan Schneider <jan at horde.org>
>> Subject: Re: [horde] password with LDAP backend.
>>     To: horde at lists.horde.org
>>
>>
>>> Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
>>>
>>>> Dear List,
>>>>
>>>> There seems to be no separate mailing list for passwd. So,  
>>>> sending to horde list.
>>>>
>>>> I found that changing the password does not work with the LDAP
>>>> backend.  I get the following error: Bind failed: Invalid credentials.
>>>>
>>>> As per the LDAP logs, the userdn is not getting set properly,
>>>> i.e. the userdn is not correct.  I am using Passwd 4.0.1.  I think
>>>> FinduserDN is not giving correct output.  I am currently not
>>>> using any hooks.
>>>>
>>>> Can anybody update on this?  If you want any more inputs, please
>>>> let me know.
>>>
>>> How about telling us *what* is not correct with the DN?
>>>
>>> Jan.
>>>
>>> -- 
>>> The Horde Project
>>> http://www.horde.org/
>>>
>>>
>>> -- 
>>> Horde mailing list
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>>
>> ----- End message from Jan Schneider <jan at horde.org> -----
>>
>>
>> -- 
>> Anant S Athavale,
>>
>> ------------------------------------------------------------------------------
>> Confidentiality Notice: This e-mail message, including any  
>> attachments, is for
>> the sole use of the intended recipient(s) and may contain confidential and
>> privileged information. Any unauthorized review, use, disclosure or
>> distribution is prohibited. If you are not the intended recipient, please
>> contact the sender by reply e-mail and destroy all copies of the original
>> message.
>> ------------------------------------------------------------------------------
>>
>
> -- 
> The Horde Project
> http://www.horde.org/
>
>


----- End message from Jan Schneider <jan at horde.org> -----


-- 
Anant S Athavale,
