[horde] Problems with PASSWD and LDAP

Jan Schneider jan at horde.org
Wed Jan 13 10:11:29 UTC 2016


Quoting David Cunningham <dcunningham at additionnetworks.net>:

> Hi All,
>
> I believe I could make this work with the following:
>
> 'userdn' => 'uid=%u,ou=$d,ou=customers,dc=mecnet,dc=net'
>
> If I set the domain manually after the first ou rather than using  
> ou=$d, everything works great.  But, it would appear that at some  
> point the string replace for $d was removed from the code.  This  
> once worked in the version for H3.

You need to use the userdn() hook, as mentioned in backends.php.

>> On Jan 12, 2016, at 1:09 PM, David Cunningham  
>> <dcunningham at additionnetworks.net> wrote:
>>
>> Hi All,
>>
>> I am attempting to configure PASSWD to reset my LDAP passwords on  
>> my new Horde 5 installation, just like it once existed on my Horde  
>> 3 installation.
>>
>> I have the following backend configuration… matching my old one:
>>
>> <?php
>> $backends['ldap'] = array(
>>    'disabled' => false,
>>    'name' => 'Courier Mail Server',
>>    'preferred' => 'courier.additionnetworks.net',
>>    'driver' => 'Ldap',
>>    'policy' => array(
>>        'minLength' => 6,
>>        'minNumeric' => 1,
>>    ),
>>    'params' => array(
>>        'host' => 'courier.additionnetworks.net',
>>        'port' => 389,
>> 	'basedn' => 'ou=customers,dc=mecnet,dc=net',
>>        // LDAP object key attribute.
>>        'uid' => 'uid',
>>        // The attribute storing the password.
>>        //'attribute' => 'Password',
>>        // These attributes will enable shadow password policies.
>>        // 'shadowlastchange' => 'shadowLastChange',
>>        // 'shadowmin' => 'shadowMin',
>>        // This will be appended to the username when looking for the userdn.
>>        'realm' => '',
>>        // Use this filter when searching for the user's DN.
>>        'filter' => 'uid',
>>        // Hash method to use when storing the password
>>        'encryption' => 'crypt',
>>        // Whether to enable TLS for this LDAP connection
>>        // Note: make sure that the host matches cn in the server  
>> certificate.
>>        'tls' => false,
>>        // Determine the user's DN. %u will be replaced by the user's ID.
>>        // Alternatively, disable this option and instead use the 'userdn'
>>        // hook (config/hooks.php) to dynamically set the userdn.
>>        //'userdn' => 'uid=%u,ou=%d,ou=customers,dc=mecnet,dcnet'
>>    ),
>> );
>>
>>
>> When attempting to reset a password, I see this in my openldap logs:
>>
>> Jan 12 11:29:19 washington slapd[2489]: conn=201078 fd=18 ACCEPT  
>> from IP=216.20.10.19:33899 (IP=0.0.0.0:389)
>> Jan 12 11:29:19 washington slapd[2489]: conn=201078 fd=18 closed  
>> (connection lost)
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 fd=18 ACCEPT  
>> from IP=216.20.10.19:33900 (IP=0.0.0.0:389)
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=0 BIND dn=""  
>> method=128
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=0 RESULT  
>> tag=97 err=0 text=
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SRCH  
>> base="" scope=0 deref=0 filter="(objectClass=*)"
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SRCH  
>> attr=vendorName vendorVersion namingContexts altServer  
>> supportedExtension supportedControl supportedSASLMechanisms  
>> supportedLDAPVersion subschemaSubentry
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SRCH  
>> base="" scope=0 deref=0 filter="(objectClass=*)"
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SRCH  
>> attr=subschemaSubentry
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SRCH  
>> base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SRCH  
>> attr=attributeTypes dITContentRules dITStructureRules matchingRules  
>> matchingRuleUse nameForms objectClasses ldapSyntaxes
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=4 BIND  
>> dn="uid=dcunningham at test.mecnet.net,ou=customers,dc=mecnet,dc=net"  
>> method=128
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=4 RESULT  
>> tag=97 err=49 text=
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=5 UNBIND
>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 fd=18 closed
>>
>>
>> On my Horde 3 installation with the same settings, I get these  
>> entries in my logs, which DO work:
>>
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 fd=18 ACCEPT  
>> from IP=216.20.10.16:59812 (IP=0.0.0.0:389)
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=0 BIND dn=""  
>> method=128
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=0 RESULT  
>> tag=97 err=49 text=
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=1 SRCH  
>> base="ou=customers,dc=mecnet,dc=net" scope=2 deref=0  
>> filter="(uid=dcunningham at test.mecnet.net)"
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=1 SEARCH  
>> RESULT tag=101 err=0 nentries=1 text=
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=2 UNBIND
>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 fd=18 closed
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 fd=18 ACCEPT  
>> from IP=216.20.10.16:59813 (IP=0.0.0.0:389)
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 BIND  
>> dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net"  
>> method=128
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 BIND  
>> dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net" mech=SIMPLE  
>> ssf=0
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 RESULT  
>> tag=97 err=0 text=
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 MOD  
>> dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net"
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 MOD  
>> attr=userPassword
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 RESULT  
>> tag=103 err=0 text=
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=2 UNBIND
>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 fd=18 closed
>>
>>
>> Any guidance would be appreciated.
>>
>> Dave
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org



-- 
Jan Schneider
The Horde Project
http://www.horde.org/
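
The userdn() hook mentioned in the reply, sketched as an added example (not code from this thread or from the Horde project): it rebuilds the DN layout seen in the working Horde 3 log, and validates the login first so that no DN metacharacters can reach the bind DN. It assumes Passwd calls `Passwd_Hooks::userdn($userid)` from passwd/config/hooks.php with the full `user@domain` login; check hooks.php.dist in your installation for the exact signature.

```php
<?php
// Added example for passwd/config/hooks.php; not the poster's or Horde's code.
// Assumption: Passwd calls Passwd_Hooks::userdn($userid) with the full login
// (user@domain) and uses the returned string as the bind DN.
class Passwd_Hooks
{
    public function userdn($userid)
    {
        // Accept exactly one '@' and conservative character sets only, so
        // DN metacharacters (, + " \ < > ; = #) never end up in the DN.
        // The D modifier stops '$' from matching before a trailing newline.
        $pattern = '/^[A-Za-z0-9._-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$/D';
        if (!preg_match($pattern, $userid, $m)) {
            throw new InvalidArgumentException('Unexpected user ID format');
        }

        // The domain part selects the per-customer OU, as in the Horde 3 log:
        // uid=<login>,ou=<domain>,ou=customers,dc=mecnet,dc=net
        $domain = strtolower($m[1]);
        return 'uid=' . $userid
            . ',ou=' . $domain
            . ',ou=customers,dc=mecnet,dc=net';
    }
}

// Constructed sample input; runs only when this file is executed directly.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $hooks = new Passwd_Hooks();
    echo $hooks->userdn('dcunningham@test.mecnet.net'), "\n";
}
```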


