[horde] Passwd Module - LDAP error, how to set userdn? more attempts

Andy Dorman adorman at ironicdesign.com
Wed Jul 31 17:31:39 UTC 2013


On 07/31/2013 11:57 AM, Andy Dorman wrote:
> On 07/30/2013 04:14 PM, Andy Dorman wrote:
>> On 07/29/2013 04:44 AM, Hanns Mattes wrote:
>>> On 29.07.2013 10:21, Mail Admin wrote:
>>>> Hi,
>>>>
>>>> We are trying to configure passwd 5.0.0 module with Horde
>>>> framework 5.1.2 with webmail 5.1.1 and getting following error.
>>>>
>>>> "Failure in changing password for LDAP Server with Admin Bindings:
>>>> Bind failed: Invalid DN syntax" [...] hooks.php
>>>>
>>>> public function userdn($authid)
>>>> {
>>>>     // Example: Provide LDAP server with a userdn so that you do not
>>>>     // have to perform anonymous binds.
>>>>     $em = split("@", $authid);
>>>>     // return 'uid=' . $authid . ',o=example.com';
>>>>     return 'mail=' . $authid . ',ou=Users,domainName=' . $em[1] .
>>>>         ',o=domains,dc=sub,dc=domain,dc=com';
>>>> }
>>>
>>> IIRC the hook (I've used a similar one) was removed from passwd for some
>>> unknown reason. I don't know of a solution, so at the moment passwd is
>>> not usable for me.
>>>
>>> See:
>>> http://lists.horde.org/archives/sork/Week-of-Mon-20130506/003225.html
>>>
>>> Regards Hanns
>>>
>>
>> I expect I will be embarrassed when I know the answer, but I have a
>> similar problem (Horde 5.1.1, passwd 5.0.0) except my domain does not
>> dynamically change, so fixing this to regain password functionality
>> should be easy... I thought ;-)
>>
>> passwd/backends.php says:
>>
>> // NOTE: to set the ldap userdn, see horde/config/hooks.php
>>
>> However, horde/config/hooks.php.dist has lots of info about connecting
>> to LDAP servers to get information before and after logging in, but
>> nothing that talks about setting parameters for an LDAP backend AFTER
>> passwd/backends.local.php runs.
>>
>>
>> http://www.horde.org/apps/passwd/docs/UPGRADING says:
>>
>> 2 Upgrading to Passwd 5.0
>> ...
>> 2.2 Hooks Configuration (hooks.php)
>> The 'default_username' hook no longer receives a $user parameter.
>> The 'userdn' hook has been removed. It can now be configured using the
>> 'userdn' parameter in the LDAP driver configuration.
>>
>> However, I can not find WHAT LDAP driver configuration this is referring
>> to. I have checked the web admin UI and grepped through all the config
>> files, except for the note about NOT setting it in
>> passwd/backends.local.php, there is no mention of "userdn" anywhere.
>>
>> So, I expect I am supposed to use one of the hooks in
>> horde/config/hooks.php that receives a $userId input and have it set
>> $backends['ldap']['params']['userdn'].
>>
>> So, can someone tell me WHICH hook would be called AFTER the
>> passwd/config/backends.local.php is called? I need a hook that is called
>> AFTER passwd/config/backends.local.php so
>> $backends['ldap']['params']['userdn'] will not be clobbered when
>> passwd/config/backends.local.php runs.
>>
>> Once I have this working I will pass back the necessary changes.
>>
>> Thanks,
>>
>
> I am sure I am doing something really, really dumb...but I do not know
> what.
>
> I have tried twice now to add code to horde/config/hooks.php to set a
> userdn in order to get horde/passwd working again. In both cases below I
> ended up with an empty value for $user and the LDAP call to update the
> password failed.
>
> Try #1
> public function appauthenticated()
> {
>     // attempt to set userdn for passwd
>     $user = $GLOBALS['registry']->getAuth();
>     $backends['ldap']['params']['userdn'] = 'uid=' . $user .
>         ',ou=addresses,o=antespam.com';
> }
>
> Try #2
> public function pushapp_post()
> {
>     // Code to run immediately after the app is successfully switched to
>     // horde
>     $user = $GLOBALS['registry']->getAuth();
>     $backends['ldap']['params']['userdn'] = 'uid=' . $user .
>         ',ou=addresses,o=antespam.com';
> }
>
> I guess the good news is 'userdn' appeared to be set with the exception
> of an empty username. So what am I doing wrong?
>
> Thanks for any pointers or suggestions.
>

Ahhh, I did not notice passwd/config/hooks.php before.  So possibly we 
should use a hook function here to set the userdn?

I have now tried both below (separate times after restarting apache each 
time) in passwd/config/hooks.php and still get a userdn with an empty 
user value 'uid=,ou=addresses,o=antespam.com'

Try #1

    public function username($userid, $driver)
    {
        // // Example: Translate what the user enters, in the username box,
        // // into what the backend expects.
        // if ($driver instanceof Passwd_Driver_Http) {
        //     return $userid . '@example.com';
        // }

        // hijack this hook to set our LDAP userdn
        $userid = $userid ? $userid : $GLOBALS['registry']->getAuth();
        $backends['ldap']['params']['userdn'] = 'uid=' . $userid .
            ',ou=addresses,o=antespam.com';
        return $userid;
    }

Try #2

    public function default_username()
    {
        // hijack this hook to set our LDAP userdn
        $userid = $GLOBALS['registry']->getAuth();
        $backends['ldap']['params']['userdn'] = 'uid=' . $userid .
            ',ou=addresses,o=antespam.com';

        // // Example: This is the default value if this hook is not defined.
        return $userid;
    }

I do NOT see how $GLOBALS['registry']->getAuth() is not giving me a 
username.

I am now even more convinced that I am missing something obvious and am 
going to feel like a real idiot when I find out what it is.  ;-)

-- 
Andy Dorman
FanMail.com
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net
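
An added example (not from the thread and not Horde code) of building the uid=...,ou=addresses,o=antespam.com bind DN discussed above so that an empty user id is rejected instead of producing 'uid=,ou=addresses,o=antespam.com', and DN metacharacters are escaped per RFC 4514. The helper names escape_dn_value() and build_user_dn() are hypothetical, and how the resulting DN reaches the passwd LDAP driver is not shown.

```php
<?php
// Added example, not Horde code. escape_dn_value() and build_user_dn()
// are hypothetical helper names; the base DN is the one quoted in the thread.

// Escape one attribute value for use inside a DN (RFC 4514 string form).
function escape_dn_value($value)
{
    // strtr() makes a single pass, so inserted backslashes are not re-escaped.
    $value = strtr($value, array(
        '\\' => '\\\\', '"' => '\\"', ',' => '\\,', '+' => '\\+',
        '<'  => '\\<',  '>' => '\\>', ';' => '\\;', '=' => '\\=',
        "\0" => '\\00',
    ));
    // A trailing space and a leading space or '#' must also be escaped.
    if (substr($value, -1) === ' ') {
        $value = substr($value, 0, -1) . '\\ ';
    }
    if ($value !== '' && ($value[0] === ' ' || $value[0] === '#')) {
        $value = '\\' . $value;
    }
    return $value;
}

// Build the bind DN, refusing the empty user id that yields "uid=,ou=...".
function build_user_dn($userid, $base = 'ou=addresses,o=antespam.com')
{
    if (!is_string($userid) || trim($userid) === '') {
        throw new InvalidArgumentException('no user id available for the bind DN');
    }
    return 'uid=' . escape_dn_value($userid) . ',' . $base;
}

// Constructed sample inputs: a normal uid, values with DN metacharacters,
// and the empty/false values that would otherwise produce "uid=,ou=...".
$samples = array('andy', 'smith, john', 'a+b=c', '#lead ', '', false);
foreach ($samples as $userid) {
    try {
        echo var_export($userid, true), ' => ', build_user_dn($userid), "\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($userid, true), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```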
