[horde] SOLVED: changing LDAP passwords using horde/passwd

A. Schulze sca at andreasschulze.de
Fri Sep 5 08:34:43 UTC 2014


in Nov 2013 there was a question on this list about $subject

Now I finally found a working setup for horde/passwd-5.0.1

horde/passwd allow changes only if users ldap dn could be constructed.
( see file horde/passwd/lib/Driver/Ldap.php, Line 108 ff. )

I changed Line 110 to call findUserDN ( trivial patch attached )

Now I only need to define the backend:

$ cat horde/passwd/config/backends.local.php
$backends['ldap']['disabled'] = false;
$backends['ldap']['logout'] = true;
$backends['ldap']['params']['host'] = 'ldaps://ldap.example.org';
$backends['ldap']['params']['basedn'] = 'dc=example,dc=org';

// undocumented magic: how to find a userdn
$backends['ldap']['params']['user']['objectclass'] = 'MYOBJECTCLASS';
$backends['ldap']['params']['user']['uid'] = 'MYUID';


the last two lines and the patch make horde to search a dn, rebind and  
then write a new userPassword Attribute.
Of course the ldapserver must allow the user write it's on password  

conn=2437 op=4 SRCH base="dc=example,dc=org" scope=2 deref=0  
filter="(&(objectClass=MYOBJECTCLASS)(MYUID=user at example.org))"
conn=2437 op=4 SRCH attr=MYUID
conn=2437 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=2437 op=5 BIND dn="id=4711,ou=testuser,dc=example,dc=org" method=128
conn=2437 op=5 BIND dn="id=4711,ou=testuser,dc=example,dc=org"  
mech=SIMPLE ssf=0
conn=2437 op=5 RESULT tag=97 err=0 text=
conn=2437 op=6 SRCH base="id=4711,ou=testuser,dc=example,dc=org"  
scope=0 deref=0 filter="(objectClass=*)"
conn=2437 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=2437 op=7 MOD dn="id=4711,ou=testuser,dc=example,dc=org"
conn=2437 op=7 MOD attr=userPassword
conn=2437 op=7 RESULT tag=103 err=0 text=
conn=2437 op=8 UNBIND

-------------- next part --------------
A non-text attachment was scrubbed...
Name: horde_passwd_ldap.patch
Type: text/x-diff
Size: 604 bytes
Desc: not available
URL: <http://lists.horde.org/archives/horde/attachments/20140905/d7a7c3fb/attachment.bin>

More information about the horde mailing list