[horde] Login process loop with composite driver http/ldap auth.

finalbeta finalbeta at finalbeta.net
Sun Oct 23 21:29:24 UTC 2016


Hello everyone.



Thank you for this great product. I'm hoping to get some assistance with
the composite auth driver.

I've successfully tested horde with "http (Basic authentication/.htpasswd)
authentication" and with "LDAP authentication" separately.

Now I wish to combine the two so I can let users automatically log on to the
system (using the basic auth) and be able to manage them by connecting
to the LDAP.

When I do, the Horde logon process is looping me between index.php and
login.php (and I don't know why).



I'm running Horde v5.2.12 with Kronolith v4.2.18 and nag 4.2.11 on CentOS7
and PHP 5.4.16/Apache.

This is my auth config (I've changed some values so as not to disclose some
information; please let me know if you need the entire config, I didn't want
to make the mail too long):



$conf['auth']['admins'] = array('someuser', 'alsosomeuser');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = false;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'both';
$conf['auth']['driver'] = 'composite';
$conf['auth']['params']['admin_driver']['driver'] = 'ldap';
$conf['auth']['params']['admin_driver']['params'] = array(
    'hostspec' => array('172.16.xXx.xXx'),
    'port' => 389,
    'tls' => false,
    'version' => '3',
    'binddn' => 'SOMEDOMAIN\horde_link',
    'bindpw' => 'fSomePWDK',
    'bindas' => 'admin',
    'basedn' => 'OU=Agents,OU=SOMEOU,DC=SOMEDOMAIN,DC=LOCAL',
    'scope' => 'sub',
    'ad' => true,
    'uid' => 'userPrincipalName',
    'encryption' => 'ssha',
    'newuser_objectclass' => array('shadowAccount', 'inetOrgPerson'),
    'filter' => '(&(objectCategory=person)(objectClass=user))',
    'filter_type' => 'filter',
    'password_expiration' => 'no'
);
$conf['auth']['params']['auth_driver']['driver'] = 'http';
$conf['auth']['params']['auth_driver']['params'] = array(
    'show_encryption' => true,
    'encryption' => 'ssha'
);
$conf['auth']['params']['count_bad_logins'] = false;
$conf['auth']['params']['login_block'] = false;
$conf['auth']['params']['login_block_count'] = 10;
$conf['auth']['params']['login_block_time'] = 5;



If I update the configuration while logged in to Horde as an admin, I
can in fact list the users in LDAP. When I log out and try to log in again,
the login process loops (redirect loop).



I've had a look at the code, but I might fail to grasp some things here.

In login.php I see that the user does get authenticated and at line +-250
index.php is required (I added some debug lines of my own at the time to make
sure that was actually happening).



if ($is_auth) {
    Horde::log(sprintf('Authenticated in logon.php %s', $is_auth), 'NOTICE');
    if (!$vars->app) {
        Horde::log(sprintf('Taking me back to the index'), 'NOTICE');
        require HORDE_BASE . '/index.php'; // <-- this line takes me back to index.php
        exit;



But then I can see this inside the log output every time:

     HORDE [horde] Redirect to login page if there is no incomming URL and nobody is authed url below is prepended!!  [pid 20869 on line 62 of "/usr/share/horde/index.php"]

So index.php is sending me back to login.php and so forth...



Am I doing something wrong in my configuration? Is something else going on?
(Is http and ldap auth not a supported combination?)



Thank you for any assistance.
Best regards,
Jochen

