[horde] Problems with PASSWD and LDAP

David Cunningham dcunningham at additionnetworks.net
Tue Jan 12 18:09:42 UTC 2016


Hi All,

I am attempting to configure PASSWD to reset my LDAP passwords on my new Horde 5 installation, just like it once existed on my Horde 3 installation.

I have the following backend configuration… matching my old one:

<?php
$backends['ldap'] = array(
    'disabled' => false,
    'name' => 'Courier Mail Server',
    'preferred' => 'courier.additionnetworks.net',
    'driver' => 'Ldap',
    'policy' => array(
        'minLength' => 6,
        'minNumeric' => 1,
    ),
    'params' => array(
        'host' => 'courier.additionnetworks.net',
        'port' => 389,
        'basedn' => 'ou=customers,dc=mecnet,dc=net',
        // LDAP object key attribute.
        'uid' => 'uid',
        // The attribute storing the password.
        //'attribute' => 'Password',
        // These attributes will enable shadow password policies.
        // 'shadowlastchange' => 'shadowLastChange',
        // 'shadowmin' => 'shadowMin',
        // This will be appended to the username when looking for the userdn.
        'realm' => '',
        // Use this filter when searching for the user's DN.
        'filter' => 'uid',
        // Hash method to use when storing the password
        'encryption' => 'crypt',
        // Whether to enable TLS for this LDAP connection
        // Note: make sure that the host matches cn in the server certificate.
        'tls' => false,
        // Determine the user's DN. %u will be replaced by the user's ID.
        // Alternatively, disable this option and instead use the 'userdn'
        // hook (config/hooks.php) to dynamically set the userdn.
        //'userdn' => 'uid=%u,ou=%d,ou=customers,dc=mecnet,dcnet'
    ),
);


When attempting to reset a password, I see this in my openldap logs:

Jan 12 11:29:19 washington slapd[2489]: conn=201078 fd=18 ACCEPT from IP=216.20.10.19:33899 (IP=0.0.0.0:389)
Jan 12 11:29:19 washington slapd[2489]: conn=201078 fd=18 closed (connection lost)
Jan 12 11:29:19 washington slapd[2489]: conn=201079 fd=18 ACCEPT from IP=216.20.10.19:33900 (IP=0.0.0.0:389)
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=0 BIND dn="" method=128
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=0 RESULT tag=97 err=0 text=
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SRCH attr=vendorName vendorVersion namingContexts altServer supportedExtension supportedControl supportedSASLMechanisms supportedLDAPVersion subschemaSubentry
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SRCH attr=subschemaSubentry
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SRCH attr=attributeTypes dITContentRules dITStructureRules matchingRules matchingRuleUse nameForms objectClasses ldapSyntaxes
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=4 BIND dn="uid=dcunningham at test.mecnet.net,ou=customers,dc=mecnet,dc=net" method=128
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=4 RESULT tag=97 err=49 text=
Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=5 UNBIND
Jan 12 11:29:19 washington slapd[2489]: conn=201079 fd=18 closed


On my Horde 3 installation with the same settings, I get these entries in my logs, which DO work:

Jan 11 10:12:08 washington slapd[2489]: conn=200569 fd=18 ACCEPT from IP=216.20.10.16:59812 (IP=0.0.0.0:389)
Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=0 BIND dn="" method=128
Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=0 RESULT tag=97 err=49 text=
Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=1 SRCH base="ou=customers,dc=mecnet,dc=net" scope=2 deref=0 filter="(uid=dcunningham at test.mecnet.net)"
Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=2 UNBIND
Jan 11 10:12:08 washington slapd[2489]: conn=200569 fd=18 closed
Jan 11 10:12:08 washington slapd[2489]: conn=200570 fd=18 ACCEPT from IP=216.20.10.16:59813 (IP=0.0.0.0:389)
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 BIND dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net" method=128
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 BIND dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net" mech=SIMPLE ssf=0
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 RESULT tag=97 err=0 text=
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 MOD dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net"
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 MOD attr=userPassword
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 RESULT tag=103 err=0 text=
Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=2 UNBIND
Jan 11 10:12:08 washington slapd[2489]: conn=200570 fd=18 closed


Any guidance would be appreciated.

Dave
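
Added example (not part of the original post, and not Horde or OpenLDAP code): a small Python script that pairs each slapd BIND line with its bind RESULT (tag=97) by conn/op, then, for every bind rejected with err=49, lists the RDNs that an accepted bind DN for the same uid carried. The log lines, host name and DNs below are constructed in the format shown above; the function names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed slapd log lines in the format shown in the post (not the poster's data).
SAMPLE_LOG = """\
Jan 12 11:29:19 ldaphost slapd[100]: conn=11 op=0 BIND dn="" method=128
Jan 12 11:29:19 ldaphost slapd[100]: conn=11 op=0 RESULT tag=97 err=0 text=
Jan 12 11:29:19 ldaphost slapd[100]: conn=11 op=4 BIND dn="uid=alice@example.test,ou=customers,dc=example,dc=test" method=128
Jan 12 11:29:19 ldaphost slapd[100]: conn=11 op=4 RESULT tag=97 err=49 text=
Jan 11 10:12:08 ldaphost slapd[100]: conn=7 op=1 SRCH base="ou=customers,dc=example,dc=test" scope=2 deref=0 filter="(uid=alice@example.test)"
Jan 11 10:12:08 ldaphost slapd[100]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 10:12:08 ldaphost slapd[100]: conn=8 op=0 BIND dn="uid=alice@example.test,ou=example.test,ou=customers,dc=example,dc=test" method=128
Jan 11 10:12:08 ldaphost slapd[100]: conn=8 op=0 RESULT tag=97 err=0 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response
BindAttempt = namedtuple("BindAttempt", "conn op dn err")

def bind_outcomes(log_text):
    """Pair every BIND request with its RESULT line using the (conn, op) key."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            dn = pending.pop((m.group(1), m.group(2)))
            done.append(BindAttempt(int(m.group(1)), int(m.group(2)), dn, int(m.group(3))))
    return done

def dn_diff(failed_dn, good_dn):
    """RDNs of the accepted DN missing from the rejected DN (naive split: assumes no escaped commas)."""
    failed = {r.strip().lower() for r in failed_dn.split(",")}
    return [r.strip() for r in good_dn.split(",") if r.strip().lower() not in failed]

def explain_failures(log_text):
    """For each err=49 bind, compare its DN with an accepted DN that has the same first RDN."""
    attempts = [a for a in bind_outcomes(log_text) if a.dn]  # skip anonymous binds
    good = {a.dn.split(",")[0].lower(): a.dn for a in attempts if a.err == 0}
    report = []
    for a in (a for a in attempts if a.err == 49):
        ref = good.get(a.dn.split(",")[0].lower())
        report.append((a.conn, a.dn, dn_diff(a.dn, ref) if ref else None))
    return report

if __name__ == "__main__":
    for conn, dn, missing in explain_failures(SAMPLE_LOG):
        print(f"conn={conn} rejected bind dn={dn!r} missing RDNs: {missing}")
```

LDAP result code 49 is invalidCredentials, which slapd also returns when the bind DN does not exist, so a difference in the DN is worth ruling out before suspecting the password itself.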

