[horde] Login process loop with composite driver http/ldap auth.

finalbeta finalbeta at finalbeta.net
Sun Oct 23 21:29:24 UTC 2016

Hello everyone.

Thank you for this great product. I'm hoping to get some assistance with
the composite auth driver.

I've successfully tested horde with "http (Basic authentication/.htpasswd)
authentication" and with "LDAP authentication" separately.

Now I wish to combine the two so I can let users automatically logon to the
system (using the basic auth) and being able to manage them by connecting
to the LDAP.

When I do, the Horde logon process is looping me between index.php and
login.php ( and I don't know why. )

I'm running Horde v5.2.12 with Kronolith v4.2.18 and nag 4.2.11 on CentOS7
and PHP 5.4.16/Apache.

this is my auth config (I've changed some values as not to disclose some
information/please let me know if you need the entire config, I didn’t want
to make the mail too long):

$conf['auth']['admins'] = array('someuser', 'alsosomeuser');

$conf['auth']['checkip'] = true;

$conf['auth']['checkbrowser'] = true;

$conf['auth']['resetpassword'] = false;

$conf['auth']['alternate_login'] = false;

$conf['auth']['redirect_on_logout'] = false;

$conf['auth']['list_users'] = 'both';

$conf['auth']['driver'] = 'composite';

$conf['auth']['params']['admin_driver']['driver'] = 'ldap';

$conf['auth']['params']['admin_driver']['params'] = array(

'hostspec' => array('172.16.xXx.xXx'),

'port' => 389,

'tls' => false,

'version' => '3',

'binddn' => 'SOMEDOMAIN\horde_link',

'bindpw' => 'fSomePWDK',

'bindas' => 'admin',


'scope' => 'sub',

'ad' => true,

'uid' => 'userPrincipalName',

'encryption' => 'ssha',

'newuser_objectclass' => array('shadowAccount', 'inetOrgPerson'),

'filter' => '(&(objectCategory=person)(objectClass=user))',

'filter_type' => 'filter',

'password_expiration' => 'no'


$conf['auth']['params']['auth_driver']['driver'] = 'http';

$conf['auth']['params']['auth_driver']['params'] = array(

'show_encryption' => true,

'encryption' => 'ssha'


$conf['auth']['params']['count_bad_logins'] = false;

$conf['auth']['params']['login_block'] = false;

$conf['auth']['params']['login_block_count'] = 10;

$conf['auth']['params']['login_block_time'] = 5;

If I update the configuration while being logged in to horde as an admin. I
can in fact list the users in ldap. When I log out and try to log in again,
the login process loops. (redirect loop).

I've had a look at the code, but I might fail to grasp some things here.

In login.php I see that the user does get authenticated and at line +-250
index.php is required (I added some own debug lines at the time to make
sure that was actually happening)

if ($is_auth) {

                Horde::log(sprintf('Authenticated in logon.php %s',

    if (!$vars->app) {

                               Horde::log(sprintf('Taking me back to the

      require HORDE_BASE . '/index.php'; // <-- this line takes me back to


But then I can see this inside the log output every time:

     HORDE [horde] Redirect to login page if there is no incomming URL and
nobody is authed url below is prepended!!  [pid 20869 on line 62 of

So index.php is sending me back to login.php and so forth...

Am I doing something wrong in my configuration? Is something else going on?
(Is http and ldap auth not a supported combination?)

Thank you for any assistance.
Best regards,

More information about the horde mailing list