[horde] Composite Authentication

Laurent Foucher laurent.foucher at iut-tlse3.fr
Tue Oct 22 09:41:39 UTC 2013


----- Message from Laurent Foucher <laurent.foucher at iut-tlse3.fr> ---------
    Date: Mon, 21 Oct 2013 11:23:17 +0200
    From: Laurent Foucher <laurent.foucher at iut-tlse3.fr>
Subject: Re: [horde] Composite Authentication
      To: horde at lists.horde.org


> ----- Message from Michael M Slusarz <slusarz at horde.org> ---------
>     Date: Fri, 18 Oct 2013 12:17:28 -0600
>     From: Michael M Slusarz <slusarz at horde.org>
> Subject: Re: [horde] Composite Authentication
>       To: horde at lists.horde.org
>
>
>> Quoting Laurent Foucher <laurent.foucher at iut-tlse3.fr>:
>>
>>> Hello,
>>>
>>> I'm trying to configure the composite authentication, using
>>> Shibboleth as auth driver and ldap as admin driver. Here is my config:
>>>
>>> $conf['auth']['driver'] = 'composite';
>>> $conf['auth']['params']['admin_driver']['driver'] = 'ldap';
>>> $conf['auth']['params']['admin_driver']['params'] = array(
>>> 'hostspec' => 'XX.XX.XX.XX',
>>> 'tls' => false,
>>> 'version' => '3',
>>> 'binddn' => 'XXXXXXXX,dc=iut-tlse3,dc=fr',
>>> 'bindpw' => 'XXXXXXXX',
>>> 'bindas' => 'admin',
>>> 'basedn' => 'ou=People,dc=iut-tlse3,dc=fr',
>>> 'scope' => 'one',
>>> 'ad' => false,
>>> 'uid' => 'uid',
>>> 'encryption' => 'ssha',
>>> 'newuser_objectclass' => array('shadowAccount', 'inetOrgPerson'),
>>> 'filter' => '(objectclass=shadowAccount)',
>>> 'password_expiration' => 'no'
>>> );
>>> $conf['auth']['params']['auth_driver']['driver'] = 'shibboleth';
>>> $conf['auth']['params']['auth_driver']['params'] = array(
>>> 'username_header' => 'HTTP_AUTH_USER',
>>> 'password_header' => 'HTTP_AUTH_PASSWORD',
>>> 'password_holder' => 'header'
>>> );
>>>
>>> Authentication works fine with Shibboleth and ldap, but not with
>>> the composite driver.
>>
>> I would start simpler.  Replace, for example, the auth_driver with  
>> a simple auth driver (i.e. 'auto') and see if it works.  Then  
>> switch with admin_driver.  This will let you know which portion of  
>> your config is faulty.
>>
>> michael
>>
> Hello,
>
> Whatever the configuration below, the same problem remains and
> the authentication does not occur.
>
> Test1:
>
> $conf['auth']['list_users'] = 'list';
> $conf['auth']['driver'] = 'composite';
> $conf['auth']['params']['admin_driver']['driver'] = 'auto';
> $conf['auth']['params']['admin_driver']['params'] = array(
>  'username' => 'laurent.foucher',
>  'password' => 'XXXXX',
>  'requestuser' => false
> );
> $conf['auth']['params']['auth_driver']['driver'] = 'shibboleth';
> $conf['auth']['params']['auth_driver']['params'] = array(
> 'username_header' => 'HTTP_AUTH_USER',
> 'password_header' => 'HTTP_AUTH_PASSWORD',
> 'password_holder' => 'header'
> );
>
> Test2:
>
> $conf['auth']['driver'] = 'composite';
> $conf['auth']['params']['admin_driver']['driver'] = 'ldap';
> $conf['auth']['params']['admin_driver']['params'] = array(
> 'hostspec' => 'XX.XX.XX.XX',
> 'tls' => false,
> 'version' => '3',
> 'binddn' => 'XXXXX,dc=iut-tlse3,dc=fr',
> 'bindpw' => 'XXXXX',
> 'bindas' => 'admin',
> 'basedn' => 'ou=People,dc=iut-tlse3,dc=fr',
> 'scope' => 'one',
> 'ad' => false,
> 'uid' => 'uid',
> 'encryption' => 'ssha',
> 'newuser_objectclass' => array('shadowAccount', 'inetOrgPerson'),
> 'filter' => '(objectclass=shadowAccount)',
> 'password_expiration' => 'no'
> );
> $conf['auth']['params']['auth_driver']['driver'] = 'auto';
> $conf['auth']['params']['auth_driver']['params'] = array(
> 'username' => 'laurent.foucher',
> 'password' => 'XXXXXX',
> 'requestuser' => false
> );
>
> Thanks,

I have tested a new configuration with imp as auth driver:

$conf['auth']['params']['admin_driver']['params'] = array(
'hostspec' => 'XX.XX.XX.XX',
'port' => 389,
'tls' => false,
'version' => '3',
'binddn' => 'XXXX,dc=iut-tlse3,dc=fr',
'bindpw' => 'XXXX',
'bindas' => 'admin',
'basedn' => 'ou=People,dc=iut-tlse3,dc=fr',
'scope' => 'one',
'ad' => false,
'uid' => 'uid',
'encryption' => 'ssha',
'newuser_objectclass' => array('shadowAccount', 'inetOrgPerson'),
'filter' => '(objectclass=shadowAccount)',
'password_expiration' => 'no'
);
$conf['auth']['params']['auth_driver']['driver'] = 'application';
$conf['auth']['params']['auth_driver']['params'] = array(
     'app' => 'imp',
);

With this configuration, everything works fine.

-- 
- Laurent Foucher
< I U T 'A'  Paul Sabatier >
laurent.foucher at iut-tlse3.fr
Lecturer / Systems & Network Officer



