[horde] Problems with PASSWD and LDAP

Jan Schneider jan at horde.org
Thu Jan 21 13:56:54 UTC 2016 

Zitat von David Cunningham <dcunningham at additionnetworks.net>:

> Here is a further follow up…
>
> This works:
>
> <?php
> $backends['ldap'] = array(
>     'disabled' => false,
>     'name' => 'Courier Mail Server',
>     'preferred' =>  
> 'courier.additionnetworks.net<http://courier.additionnetworks.net>',
>     'driver' => 'Ldap',
>     'policy' => array(
>         'minLength' => 6,
>         'minNumeric' => 1,
>     ),
>     'params' => array(
>         'host' =>  
> 'courier.additionnetworks.net<http://courier.additionnetworks.net>',
>         'port' => 389,
>         'basedn' =>  
> 'ou=test.mecnet.net<http://test.mecnet.net>,ou=customers,dc=mecnet,dc=net',
>         // LDAP object key attribute.
>         'uid' => 'uid',
>         // The attribute storing the password.
>         //'attribute' => 'Password',
>         // These attributes will enable shadow password policies.
>         // 'shadowlastchange' => 'shadowLastChange',
>         // 'shadowmin' => 'shadowMin',
>         // This will be appended to the username when looking for the userdn.
>         //'realm' => '',
>         // Use this filter when searching for the user's DN.
>         //'filter' => 'uid',
>         // Hash method to use when storing the password
>         'encryption' => 'crypt',
>         // Whether to enable TLS for this LDAP connection
>         // Note: make sure that the host matches cn in the server  
> certificate.
>         'tls' => false,
>         // Determine the user's DN. %u will be replaced by the user's ID.
>         // Alternatively, disable this option and instead use the 'userdn'
>         // hook (config/hooks.php) to dynamically set the userdn.
>         //'userdn' => 'uid=%u,ou=%d,ou=customers,dc=mecnet,dc=net'
>     ),
> );
>
>
> But!!!  I cannot do that… I need the domain name (IE,  
> test.mecnet.net<http://test.mecnet.net> in this example) to be  
> dynamic as I have dozens of different domains logging in.  This user  
> is dcunningham at test.mecnet.net<mailto:dcunningham at test.mecnet.net>.   
> I need that OU to be dynamic.  It says that %d should be replaced  
> with the domain, but it does not work.  When searching the code, I  
> do not see a str_replace for %d… just %u.

And it doesn't say that anywhere either. No idea where you got that  
information from.

> Dave
>
>
>
>
> On Jan 20, 2016, at 8:38 AM, David Cunningham  
> <dcunningham at additionnetworks.net<mailto:dcunningham at additionnetworks.net>>  
> wrote:
>
> Hi All, especially Jan,
>
> I never received a follow-up to this.  Can you help?
>
> Dave
>
>
>
> On Jan 14, 2016, at 3:49 PM, David Cunningham  
> <dcunningham at additionnetworks.net<mailto:dcunningham at additionnetworks.net>>  
> wrote:
>
>   {
>       // Example: Provide LDAP server with a userdn so that you do not
>       // have to perform anonymous binds.
>       return 'uid=' . $authid . ',ou=$domain,ou=customers,dc=mecnet,dc=net';
>   }

You need to parse the domain from the username. If $authid doesn't  
contain the domain, you need to get it from somewhere else.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/

More information about the horde mailing list