[horde] Problems changing passwords

Jan Schneider jan at horde.org
Thu Jan 21 13:42:11 UTC 2016


Zitat von Ralph Ballier <ballier at mail.schule.de>:

> Zitat von Jan Schneider <jan at horde.org>:
>
>> Zitat von Ralph Ballier <ballier at mail.schule.de>:
>>
>>> Hello,
>>>
>>> we use LDAP for authentication. BaseDN is
>>> ou=davinci,ou=people,dc=school,dc=de, search is sub.
>>>
>>> DN of user alice is:  uid=alice,ou=davinci,ou=people,dc=school,dc=de
>>>
>>> DN of user bob is:
>>>  uid=bob,ou=others,ou=davinci,ou=people,dc=school,dc=de
>>>
>>> Authentication of alice and bob are no problem.
>>>
>>> Now alice and bob try to change here password.
>>>
>>> alice: no problem
>>>
>>> bob: It don't work (invalid credentials)
>>>
>>> You see in the logfile, that slapd try to bind with
>>>   uid=bob,ou=davinci,ou=people,dc=school,dc=de , but this DN don't
>>> exists.
>>
>> Then where did it get the DN from?
>>
>> --
>> Jan Schneider
>> The Horde Project
>> http://www.horde.org/
>>  
>
> I mean, it is not a problem to find the user DN, if you make a search with
> "sub" and then bind to the correct DN.
>
> But if you write to this DN (perhaps for changing the password), slapd must
> take the same DN, which he has found before. But I suppose, it takes the
> baseDN, which is found in horde/passwd/config/backends.local.php ('basedn'
> => 'ou=davinci,ou=people,dc=school,dc=de').

Correct, this is the fall back if any other way to determine the DN  
fails. These options are tried in the specified order:
1) 'userdn' parameter in backends[.local].php
2) userdn() hook in hooks.php
3) user + base dn

So what you probably want is a userdn() hook.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/



More information about the horde mailing list