[horde] suggested / working LDAP Setup

Andy Dorman adorman at ironicdesign.com
Tue Apr 15 21:10:20 UTC 2014


On 04/15/2014 02:05 PM, Andreas Schulze wrote:
>
> Andreas Schulze:
>
>> Could someone suggest an LDAP setup that best matches how Horde expects
>> the LDAP server to look?
>
> nobody is willing to share his ldap setup?
>
> Andreas
>

Andreas, your question is unclear and the answer depends on what you 
want to use LDAP for, but I will try to tell you what we have as far as 
our LDAP config.

Our old H3 setup used LDAP for auth & preferences, but I do not believe 
you want to look at something that old.

Our H5/I6 beta test setup uses LDAP only for auth. Below are our 
settings as they appear in our conf.php file.  I set all these from the 
admin configuration web interface, the Authentication tab...

$conf['ldap']['hostspec'] = 'localhost';
$conf['ldap']['tls'] = false;
$conf['ldap']['version'] = 3;
$conf['ldap']['user']['binddn'] = 'ou=addresses,o=antespam.com';
$conf['ldap']['user']['uid'] = 'uid';
$conf['ldap']['user']['objectclass'] = array('fmAddress');
$conf['ldap']['user']['filter_type'] = 'objectclass';
$conf['ldap']['bindas'] = 'user';
$conf['ldap']['useldap'] = true;

We also use the new password module and the following in our 
backends.local.php (a couple of "sensitive" settings have been x'd out):

$backends['ldap'] = array(
     'disabled' => false,
     'driver' => 'ldap',
     'logout' => true,
     'name' => 'Horde',
     'params' => array(
         'host' => 'ldap.xxxxxxxxxxxx.xxx',
         'port' => 389,
         'basedn' => 'ou=addresses,o=antespam.com',
         // LDAP object key attribute.
         'uid' => 'uid',
         // The attribute storing the password.
         'attribute' => 'userPassword',
         // These attributes will enable shadow password policies.
         // 'shadowlastchange' => 'shadowLastChange',
         // 'shadowmin' => 'shadowMin',
         // This will be appended to the username when looking for the userdn.
         'realm' => '',
         // Use this filter when searching for the user's DN.
         'filter' => '',
         // Hash method to use when storing the password
         'encryption' => 'xxxxxxxxxxxx',
         // Whether to enable TLS for this LDAP connection
         // Note: make sure that the host matches cn in the server certificate.
         'tls' => xxxx,
         // Determine the user's DN. %u will be replaced by the user's ID.
         'userdn' => 'uid=%u,ou=addresses,o=antespam.com'
     ),
     'policy' => array(
         'minLength' => 8,
         'maxLength' => 128,
         'maxSpace' => 0,
         'minUpper' => 1,
         'minLower' => 1,
         'minNumeric' => 1
     ),
     'preferred' => '',
);

Good luck!

-- 
Andy Dorman
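
The 'userdn' setting in the message above builds the bind DN by substituting the login name for %u. As an added example (not part of the original message and not Horde's own code), this PHP snippet expands such a template with RFC 4514 escaping so that characters in the username cannot change the structure of the DN; the function names are hypothetical and the usernames are constructed sample input.

```php
<?php
// Added example; function names are hypothetical, not Horde's API.

/** Escape one attribute value for use inside a DN (RFC 4514, section 2.4). */
function escape_dn_value(string $value): string
{
    // strtr() with an array replaces in a single pass, so backslashes that
    // the escaping itself adds are never escaped a second time.
    $map = ["\0" => '\\00'];
    foreach (['\\', '"', '+', ',', ';', '<', '>', '='] as $ch) {
        $map[$ch] = '\\' . $ch;
    }
    $out = strtr($value, $map);

    // A leading space or '#' and a trailing space must be escaped as well.
    if ($value !== '' && ($value[0] === ' ' || $value[0] === '#')) {
        $out = '\\' . $out;
    }
    if (strlen($value) > 1 && substr($value, -1) === ' ') {
        $out = substr($out, 0, -1) . '\\ ';
    }
    return $out;
}

/** Expand a 'userdn' template such as the one in the message above. */
function expand_userdn(string $template, string $user): string
{
    if ($user === '') {
        throw new InvalidArgumentException('Empty username');
    }
    return str_replace('%u', escape_dn_value($user), $template);
}

// Template from the message; the usernames are constructed sample input.
$template = 'uid=%u,ou=addresses,o=antespam.com';
foreach (['jdoe', 'doe, jane', '#1 user '] as $user) {
    printf("%-12s raw:     %s\n", "'$user'", str_replace('%u', $user, $template));
    printf("%-12s escaped: %s\n", '', expand_userdn($template, $user));
}
```

For an ordinary name both lines are identical; for the other two, the raw substitution yields a DN with an extra component or an ambiguous value, while the escaped form keeps the whole username inside the uid attribute.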


