[horde] Passwd Module - LDAP error, how to set userdn? more attempts
Andy Dorman
adorman at ironicdesign.com
Wed Jul 31 20:05:11 UTC 2013
On 07/31/2013 12:58 PM, Stuart C. Naifeh wrote:
> How about adding the following to backends.local.php:
>
> $backends['ldap']['params']['userdn'] = 'uid=%u,ou=addresses,o=antespam.com';
>
> You'd of course want to delete the line that sets
> $backends['ldap']['params']['userdn'] from hooks.php. I also did not need
> to set $userid in a hook. If you use the LDAP uid to log in to horde then
> you probably don't need to, either.
Stuart, I believe you are moving us closer to a solution...I made the
changes you suggested in passwd/backends.local.php. Since it is already
setting values for $backends['ldap'] in that file, I just uncommented
and edited the userdn line that was already there as you can see below.
NOTE. Doing this goes against the NOTE the developers put in the source
code below about seeing horde/config/hooks.php...

// NOTE: to set the ldap userdn, see horde/config/hooks.php
$backends['ldap'] = array(
    'disabled' => false,
    'driver' => 'ldap',
    'logout' => true,
    'name' => 'FanMailPlus',
    'params' => array(
        'host' => 'ldap.ironicdesign.com',
        'port' => 389,
        'basedn' => 'ou=addresses,o=antespam.com',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        'attribute' => 'userPassword',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => '',
        // Hash method to use when storing the password
        'encryption' => 'plain',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false,
        // Determine the user's DN. %u will be replaced by the user's ID.
        'userdn' => 'uid=%u,ou=addresses,o=antespam.com'
    ),
    'policy' => array(
        'minLength' => 8,
        'minNumeric' => 1,
        'maxLength' => 128
    ),
    'preferred' => '',
);

The interesting thing is, when I tried it, it actually DID change my
password (so the userdn was set correctly)...then crashed.
HORDE: [imp] Mail server denied authentication. [pid 14389 on line 94 of "/usr/share/horde/imp/lib/Imap/Exception.php"]
OK, our horde config is set to use imp for authentication. Perhaps if I
switched to straight LDAP for auth?...I tried that, and again, it
crashed after changing my password:
HORDE: [imp] Mail server denied authentication. [pid 16424 on line 94 of "/usr/share/horde/imp/lib/Imap/Exception.php"]
HORDE: Bind failed: Invalid credentials [pid 16424 on line 247 of "/usr/share/php/Horde/Ldap.php"]
I was able to see the detailed trace for this error and as you can see,
the userdn was fine...it just had the old password.
[message:protected] => Bind failed: Invalid credentials
[string:Exception:private] =>
[code:protected] => 49
[file:protected] => /usr/share/php/Horde/Ldap.php
[line:protected] => 247
[trace:Exception:private] => Array
    (
        [0] => Array
            (
                [file] => /usr/share/php/Horde/Core/Factory/Ldap.php
                [line] => 79
                [function] => bind
                [class] => Horde_Ldap
                [type] => ->
                [args] => Array
                    (
                        [0] => uid=andydorman at comehome.net,ou=addresses,o=antespam.com
                        [1] => oldpassword
                    )
...
At this point, it looks like passwd/backends.local.php can set userdn
just fine...but when the password is changed, we get a crash instead of
a graceful logout. I think I saw someone else report a similar problem
about that earlier.
--
Andy Dorman
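
The userdn template in the configuration above substitutes the login name into a DN. As an added example (not part of the original message and not Horde's own code), the PHP below expands such a template with the user ID escaped as a DN attribute value, so a login containing `,`, `=` or `+` cannot alter the DN's structure. The helper `expand_userdn()` and the sample logins are hypothetical, and PHP's ldap extension is assumed to be loaded.

```php
<?php
// Added example, not Horde code. expand_userdn() is a hypothetical helper.

/**
 * Expand a userdn template such as 'uid=%u,ou=addresses,o=antespam.com'.
 * The user ID is escaped as a DN attribute value (RFC 4514) so that
 * characters like ',' '=' or '+' in a login name stay inside the uid
 * value and cannot add or replace RDN components.
 */
function expand_userdn(string $template, string $userid): string
{
    // Exactly one placeholder keeps the expansion unambiguous.
    if (substr_count($template, '%u') !== 1) {
        throw new InvalidArgumentException('template must contain %u exactly once');
    }
    // An empty value or an embedded NUL byte never yields a usable bind DN.
    if ($userid === '' || strpos($userid, "\0") !== false) {
        throw new InvalidArgumentException('empty user ID or NUL byte');
    }
    // ldap_escape() is provided by PHP's ldap extension (PHP >= 5.6).
    $escaped = ldap_escape($userid, '', LDAP_ESCAPE_DN);
    return str_replace('%u', $escaped, $template);
}

// Template value taken from the configuration in the message.
$template = 'uid=%u,ou=addresses,o=antespam.com';

// Constructed sample logins: one mail-style ID, two containing DN metacharacters.
$samples = array(
    'alice@example.org',
    'alice,ou=admins',
    'bob+cn=x',
);

foreach ($samples as $login) {
    printf("%-20s => %s\n", $login, expand_userdn($template, $login));
}
```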