[horde] Problems with PASSWD and LDAP

David Cunningham dcunningham at additionnetworks.net
Thu Jan 14 20:23:39 UTC 2016


Can you give me an example of how to do that?  I tried and it did not work.

The userdn should be:

uid=fullemailaddress,ou=emaildomainname,ou=customers,dc=mecnet,dc=net


Dave
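
An added example, not part of the original message and not Horde's own code: a sketch of a userdn hook that produces the DN layout described above. It assumes passwd's config/hooks.php defines a Passwd_Hooks class whose userdn($userid) method receives the login name, that logins are full e-mail addresses, and PHP 5.6 or later for ldap_escape(); the SUFFIX constant is a name chosen here.

```php
<?php
/**
 * Added example for passwd/config/hooks.php (not from the thread).
 * Assumes the 'userdn' line in backends.php stays commented out, so the
 * hook is what supplies the DN.
 */
class Passwd_Hooks
{
    /** Fixed suffix, taken from the 'basedn' shown in the thread. */
    const SUFFIX = 'ou=customers,dc=mecnet,dc=net';

    /**
     * Builds uid=<full address>,ou=<mail domain>,ou=customers,dc=mecnet,dc=net
     *
     * @param string $userid  Login name; assumed to be the full e-mail address.
     * @return string  The DN used for the bind and the password change.
     */
    public function userdn($userid)
    {
        $at = strrpos($userid, '@');
        if ($at === false || $at === 0) {
            throw new InvalidArgumentException('Login is not a full e-mail address');
        }
        $domain = strtolower(substr($userid, $at + 1));

        // Accept only hostname-shaped domains, so the ou= component cannot
        // carry DN metacharacters such as "," "=" or "+".
        if (!preg_match('/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/', $domain)) {
            throw new InvalidArgumentException('Unexpected mail domain in login');
        }

        // Escape both RDN values: the login is user input and ends up inside
        // the DN that receives the BIND and the userPassword MOD.
        return 'uid=' . ldap_escape($userid, '', LDAP_ESCAPE_DN)
            . ',ou=' . ldap_escape($domain, '', LDAP_ESCAPE_DN)
            . ',' . self::SUFFIX;
    }
}
```

Because the hook takes the ou= value from the login itself, the domain check and the DN escaping are what keep a crafted login from steering the bind to a different branch of the tree.
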


> On Jan 13, 2016, at 5:11 AM, Jan Schneider <jan at horde.org> wrote:
> 
> 
> Quoting David Cunningham <dcunningham at additionnetworks.net>:
> 
>> Hi All,
>> 
>> I believe I could make this work with the following:
>> 
>> 'userdn' => 'uid=%u,ou=$d,ou=customers,dc=mecnet,dc=net'
>> 
>> If I set the domain manually after the first ou rather than using ou=$d, everything works great.  But, it would appear that at some point the string replace for $d was removed from the code.  This once worked in the version for H3.
> 
> You need to use the userdn() hook, as mentioned in backends.php.
> 
>>> On Jan 12, 2016, at 1:09 PM, David Cunningham <dcunningham at additionnetworks.net> wrote:
>>> 
>>> Hi All,
>>> 
>>> I am attempting to configure PASSWD to reset my LDAP passwords on my new Horde 5 installation, just like it once existed on my Horde 3 installation.
>>> 
>>> I have the following backend configuration… matching my old one:
>>> 
>>> <?php
>>> $backends['ldap'] = array(
>>>   'disabled' => false,
>>>   'name' => 'Courier Mail Server',
>>>   'preferred' => 'courier.additionnetworks.net',
>>>   'driver' => 'Ldap',
>>>   'policy' => array(
>>>       'minLength' => 6,
>>>       'minNumeric' => 1,
>>>   ),
>>>   'params' => array(
>>>       'host' => 'courier.additionnetworks.net',
>>>       'port' => 389,
>>>       'basedn' => 'ou=customers,dc=mecnet,dc=net',
>>>       // LDAP object key attribute.
>>>       'uid' => 'uid',
>>>       // The attribute storing the password.
>>>       //'attribute' => 'Password',
>>>       // These attributes will enable shadow password policies.
>>>       // 'shadowlastchange' => 'shadowLastChange',
>>>       // 'shadowmin' => 'shadowMin',
>>>       // This will be appended to the username when looking for the userdn.
>>>       'realm' => '',
>>>       // Use this filter when searching for the user's DN.
>>>       'filter' => 'uid',
>>>       // Hash method to use when storing the password
>>>       'encryption' => 'crypt',
>>>       // Whether to enable TLS for this LDAP connection
>>>       // Note: make sure that the host matches cn in the server certificate.
>>>       'tls' => false,
>>>       // Determine the user's DN. %u will be replaced by the user's ID.
>>>       // Alternatively, disable this option and instead use the 'userdn'
>>>       // hook (config/hooks.php) to dynamically set the userdn.
>>>       //'userdn' => 'uid=%u,ou=%d,ou=customers,dc=mecnet,dcnet'
>>>   ),
>>> );
>>> 
>>> 
>>> When attempting to reset a password, I see this in my openldap logs:
>>> 
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201078 fd=18 ACCEPT from IP=216.20.10.19:33899 (IP=0.0.0.0:389)
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201078 fd=18 closed (connection lost)
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 fd=18 ACCEPT from IP=216.20.10.19:33900 (IP=0.0.0.0:389)
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=0 BIND dn="" method=128
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=0 RESULT tag=97 err=0 text=
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SRCH attr=vendorName vendorVersion namingContexts altServer supportedExtension supportedControl supportedSASLMechanisms supportedLDAPVersion subschemaSubentry
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SRCH attr=subschemaSubentry
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=*)"
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SRCH attr=attributeTypes dITContentRules dITStructureRules matchingRules matchingRuleUse nameForms objectClasses ldapSyntaxes
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=4 BIND dn="uid=dcunningham at test.mecnet.net,ou=customers,dc=mecnet,dc=net" method=128
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=4 RESULT tag=97 err=49 text=
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 op=5 UNBIND
>>> Jan 12 11:29:19 washington slapd[2489]: conn=201079 fd=18 closed
>>> 
>>> 
>>> On my Horde 3 installation with the same settings, I get these entries in my logs, which DO work:
>>> 
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 fd=18 ACCEPT from IP=216.20.10.16:59812 (IP=0.0.0.0:389)
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=0 BIND dn="" method=128
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=0 RESULT tag=97 err=49 text=
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=1 SRCH base="ou=customers,dc=mecnet,dc=net" scope=2 deref=0 filter="(uid=dcunningham at test.mecnet.net)"
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 op=2 UNBIND
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200569 fd=18 closed
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 fd=18 ACCEPT from IP=216.20.10.16:59813 (IP=0.0.0.0:389)
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 BIND dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net" method=128
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 BIND dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net" mech=SIMPLE ssf=0
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=0 RESULT tag=97 err=0 text=
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 MOD dn="uid=dcunningham at test.mecnet.net,ou=test.mecnet.net,ou=customers,dc=mecnet,dc=net"
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 MOD attr=userPassword
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=1 RESULT tag=103 err=0 text=
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 op=2 UNBIND
>>> Jan 11 10:12:08 washington slapd[2489]: conn=200570 fd=18 closed
>>> 
>>> 
>>> Any guidance would be appreciated.
>>> 
>>> Dave
>>> --
>>> Horde mailing list
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>> 
> 
> 
> 
> -- 
> Jan Schneider
> The Horde Project
> http://www.horde.org/
