[horde] Using separate LDAP write and read servers for Turba

Andy Dorman adorman at ironicdesign.com
Tue Jul 29 14:27:03 UTC 2014


On 07/29/2014 08:39 AM, Andy Dorman wrote:
> On 07/28/2014 02:04 PM, Andy Dorman wrote:
>> On 07/28/2014 12:01 PM, Andreas Schulze wrote:
>>> Andy Dorman:
>>>>>> So is it no longer possible to use a separate write_server for Turba?
>>>>>
>>>>> Correct.
>>> untested idea:
>>>
>>> when using syncreplica you could add a updateref¹
>>> Clients will get that as responce when they try to write to a read
>>> only server.
>>> Maybe the client-library used by horde honor that "hint".
>>>
>>> Andreas
>>>
>>> ¹) http://www.openldap.org/doc/admin24/guide.html#updateref%20%3CURL%3E
>>>
>>
>> Andreas, thank you...that may do exactly what we need.
>>
>> We already have the updateref attribute configured for all our slaves,
>> but I had forgotten all about it.
>>
>> I will test it and report back.
>>
>
> Well I am not having any luck so far...I changed the server in
> backends.local.php to 'localhost', confirmed LDAP ACL rules were the
> same for the master (which works) and slave (which doesn't) and we keep
> getting the "Strong(er) authentication required" error shown below from
> the debug log of one of the tests.
>
> 2014-07-28T14:29:23.102968-05:00 yorick HORDE: [turba] Failed to add an
> object: [8] "Strong(er) authentication required" DN:
> uid=20140728192923.hqL0AySZ_alzsglmrFuACA6 at beta.mail.bulldogs.com,uid=andydorman at comehome.net,ou=addresses,o=antespam.com
> (attributes:
> [a:6:{s:2:"cn";s:6:"Andy.D";s:4:"mail";s:26:"andy.dorman at comehome.email";s:9:"givenname";s:4:"Andy";s:2:"sn";s:6:"Dorman";s:3:"uid";s:61:"20140728192923.hqL0AySZ_alzsglmrFuACA6 at beta.mail.bulldogs.com";s:11:"objectclass";a:3:{i:0;s:6:"person";i:1;s:13:"inetOrgPerson";i:2;s:20:"organizationalPerson";}}])
> [pid 14212 on line 331 of "/usr/share/horde/turba/lib/Driver/Ldap.php"]
> 2014-07-28T14:29:23.103019-05:00 yorick HORDE: 1.
> Turba_Form_AddContact->execute() /usr/share/horde/turba/add.php:68#0122.
> Turba_Driver->add()
> /usr/share/horde/turba/lib/Form/AddContact.php:76#0123.
> Turba_Driver_Ldap->_add() /usr/share/horde/turba/lib/Driver.php:910
>
> I even tried binding with the admin user and password and got the same
> error.
>
> Here is our turba backends.local.php config
>
> $cfgSources['localsql']['disabled'] = true;
> $_ldap_uid = strtolower($GLOBALS['registry']->getAuth());
> $_ldap_basedn = ',ou=addresses,o=antespam.com';
> $cfgSources['personal_ldap']['disabled'] = false;
>
> $cfgSources['personal_ldap']['params']['server'] = 'localhost';
> $cfgSources['personal_ldap']['params']['root'] = 'uid=' . $_ldap_uid .
> $_ldap_basedn;
> $cfgSources['personal_ldap']['params']['bind_dn'] = 'uid=' . $_ldap_uid
> . $_ldap_basedn;
> $cfgSources['personal_ldap']['params']['bind_password'] =
> $GLOBALS['registry']->getAuthCredential('password');
> $cfgSources['personal_ldap']['params']['scope'] = 'sub';
> $cfgSources['personal_ldap']['params']['objectclass'] = array('person',
>
> 'inetOrgPerson',
>
> 'organizationalPerson');
>
> Our slapd.conf sets updateref as shown below, and this has worked fine
> for many years with Cyrus & perl clients.
>
> # Where to send people to do updates
> updateref    ldap://ldap.ironicdesign.com/
>
> So now I am googling to see if I can find any useful reference to this
> error message with the PHP client.
>

I also tried setting the referrals param = 1.

$cfgSources['personal_ldap']['params']['referrals'] = 1;

According to the turba driver code his sets LDAP_OPT_REFERRALS and 
according to the PHP LDAP constants doc...

LDAP_OPT_REFERRALS (integer): Specifies whether to automatically follow 
referrals returned by the LDAP server.

However, I still get the "Strong(er) authentication required" error.

Any other ideas?

-- 
Andy Dorman



More information about the horde mailing list