[horde] Listing of users not working as expected
Vilius Sumskas/LNK
vilius at lnk.lt
Fri Nov 27 07:06:11 UTC 2015
> > Zitat von ANANT S ATHAVALE <asa at isac.gov.in>:
> >
> >> ----- Message from Jan Schneider <jan at horde.org> ---------
> >> Date: Thu, 19 Nov 2015 18:43:09 +0100
> >> From: Jan Schneider <jan at horde.org>
> >> Subject: Re: [horde] Listing of users not working as expected
> >> To: horde at lists.horde.org
> >>
> >>
> >>> Zitat von ANANT S ATHAVALE <asa at isac.gov.in>:
> >>>
> >>>> Dear List,
> >>>>
> >>>> Listing of users is not working with HGWE 5.2.11. Following are
> >>>> my settings.
> >>>>
> >>>> 1. Using LDAP for authentication for Horde.
> >>>> 2. In IMP, able to list and share mailboxes (hordeauth=true)
> >>>> 3. In other applications like Calender, Notes, sharing is not
> >>>> possible, as listing of users is not happening (except for one id).
> >>>> 4. As a Horde Admin also, users are not getting listed (only one
> >>>> is getting listed and don't know on what basis).
> >>>>
> >>>> Not sure since when this happened. But, I recently upgraded to
> >>>> HGWE 5.2.11 when it was released.
> >>>>
> >>>> Any pointers to resolve this issue, please let me know.
> >>>> Following is my conf.php for Horde.
> >>>>
> >>>> $conf['ldap']['hostspec'] = array('x.x.x.x');
> >>>> $conf['ldap']['tls'] = false;
> >>>> $conf['ldap']['timeout'] = 5;
> >>>> $conf['ldap']['version'] = 3;
> >>>> $conf['ldap']['binddn'] = 'cn=Manager,dc=xxx';
> >>>> $conf['ldap']['bindpw'] = '1234567';
> >>>> $conf['ldap']['bindas'] = 'admin';
> >>>> $conf['ldap']['useldap'] = true;
> >>>> $conf['auth']['admins'] = array('xyz at isac.gov.in', 'xyz');
> >>>> $conf['auth']['checkip'] = true;
> >>>> $conf['auth']['checkbrowser'] = true;
> >>>> $conf['auth']['resetpassword'] = false;
> >>>> $conf['auth']['alternate_login'] = false;
> >>>> $conf['auth']['redirect_on_logout'] = false;
> >>>> $conf['auth']['list_users'] = 'list';
> >>>> $conf['auth']['params']['basedn'] = 'dc=xxx';
> >>>> $conf['auth']['params']['scope'] = 'sub';
> >>>> $conf['auth']['params']['ad'] = false;
> >>>> $conf['auth']['params']['uid'] = 'mailacceptinggeneralid';
> >>>> $conf['auth']['params']['encryption'] = 'md5-base64';
> >>>> $conf['auth']['params']['newuser_objectclass'] =
> >>>> array('employee', 'trainee');
> >>>> $conf['auth']['params']['filter'] =
> >>>> '(|(servername=isacmail1)(servername=isacmail2))';
> >>>> $conf['auth']['params']['password_expiration'] = 'no';
> >>>> $conf['auth']['params']['driverconfig'] = 'horde';
> >>>> $conf['auth']['driver'] = 'ldap';
> >>>> $conf['auth']['params']['count_bad_logins'] = false;
> >>>> $conf['auth']['params']['login_block'] = false;
> >>>> $conf['auth']['params']['login_block_count'] = 5;
> >>>> $conf['auth']['params']['login_block_time'] = 5;
> >>>> $conf['accounts']['params']['hostspec'] = array('x.x.x.x');
> >>>> $conf['accounts']['params']['tls'] = false;
> >>>> $conf['accounts']['params']['timeout'] = 5;
> >>>> $conf['accounts']['params']['version'] = 3;
> >>>> $conf['accounts']['params']['binddn'] = 'cn=Manager, dc=xxx';
> >>>> $conf['accounts']['params']['bindpw'] = '1234566';
> >>>> $conf['accounts']['params']['bindas'] = 'admin';
> >>>> $conf['accounts']['params']['basedn'] = 'dc=xxx';
> >>>> $conf['accounts']['params']['scope'] = 'sub';
> >>>> $conf['accounts']['params']['attr'] = 'mailacceptinggeneralid';
> >>>> $conf['accounts']['params']['strip'] = false;
> >>>> $conf['accounts']['params']['driverconfig'] = 'custom';
> >>>> $conf['accounts']['driver'] = 'ldap';
> >>>
> >>> Enable debug logging to see the used LDAP queries. If they work
> >>> outside of Horde, you may have a timeout.
> >>>
> >>> --
> >>> Jan Schneider
> >>> The Horde Project
> >>> http://www.horde.org/
> >>>
> >>> --
> >>> Horde mailing list
> >>> Frequently Asked Questions: http://horde.org/faq/
> >>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
> >>
> >>
> >> ----- End message from Jan Schneider <jan at horde.org> -----
> >>
> >> Enabled debug logging, but did not see any LDAP query for listing
> >> users. I think, it is not contacting LDAP at all.
> >> 1. Does it use the settings defined for $conf[accounts] to list
users?
> >
> > No.
> >
> >> 2. Which configuration Kronolith/nag refers to for listing users
> >> for sharing?
> >
> > $conf['auth']
> >
> >
> >
> > --
> > Jan Schneider
> > The Horde Project
> > http://www.horde.org/
> >
> > --
> > Horde mailing list
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
> ----- End message from Jan Schneider <jan at horde.org> -----
>
> Hi,
>
> Problem solved when the following parameter was changed.
>
> from $conf['accounts']['params']['basedn'] = 'dc=xxx';
>
> to $conf['accounts']['params']['basedn'] = 'dc=yyy, dc=xxx';
>
> But, I feel, with old one also it should have worked since following
> is already set.
>
> $conf['accounts']['params']['scope'] = 'sub';
>
> Any idea on this.
>
> I could not get the search query through debugging, so don't know, why
> this change worked for me.
Not sure which LDAP directory you are running but at least in AD you have
to specify full domain name in order to be able to search it -
dc=example,dc=com. You can't just specify dc=com.
--
Vilius
More information about the horde
mailing list