[horde] Login process loop with composite driver http/ldap auth.

Jan Schneider jan at horde.org
Wed Oct 26 08:37:36 UTC 2016


Quoting finalbeta <finalbeta at finalbeta.net>:

> Hello everyone.
>
>
>
> Thank you for this great product. I'm hoping to get some assistance with
> the composite auth driver.
>
> I've successfully tested horde with "http (Basic authentication/.htpasswd)
> authentication" and with "LDAP authentication" separately.
>
> Now I wish to combine the two so I can let users automatically logon to the
> system (using the basic auth) and being able to manage them by connecting
> to the LDAP.
>
> When I do, the Horde logon process is looping me between index.php and
> login.php (and I don't know why).
>
> I'm running Horde v5.2.12 with Kronolith v4.2.18 and nag 4.2.11 on CentOS7
> and PHP 5.4.16/Apache.
>
> This is my auth config (I've changed some values so as not to disclose some
> information; please let me know if you need the entire config, I didn’t want
> to make the mail too long):
>
> $conf['auth']['admins'] = array('someuser', 'alsosomeuser');
> $conf['auth']['checkip'] = true;
> $conf['auth']['checkbrowser'] = true;
> $conf['auth']['resetpassword'] = false;
> $conf['auth']['alternate_login'] = false;
> $conf['auth']['redirect_on_logout'] = false;
> $conf['auth']['list_users'] = 'both';
> $conf['auth']['driver'] = 'composite';
> $conf['auth']['params']['admin_driver']['driver'] = 'ldap';
> $conf['auth']['params']['admin_driver']['params'] = array(
>     'hostspec' => array('172.16.xXx.xXx'),
>     'port' => 389,
>     'tls' => false,
>     'version' => '3',
>     'binddn' => 'SOMEDOMAIN\horde_link',
>     'bindpw' => 'fSomePWDK',
>     'bindas' => 'admin',
>     'basedn' => 'OU=Agents,OU=SOMEOU,DC=SOMEDOMAIN,DC=LOCAL',
>     'scope' => 'sub',
>     'ad' => true,
>     'uid' => 'userPrincipalName',
>     'encryption' => 'ssha',
>     'newuser_objectclass' => array('shadowAccount', 'inetOrgPerson'),
>     'filter' => '(&(objectCategory=person)(objectClass=user))',
>     'filter_type' => 'filter',
>     'password_expiration' => 'no'
> );
> $conf['auth']['params']['auth_driver']['driver'] = 'http';
> $conf['auth']['params']['auth_driver']['params'] = array(
>     'show_encryption' => true,
>     'encryption' => 'ssha'
> );
> $conf['auth']['params']['count_bad_logins'] = false;
> $conf['auth']['params']['login_block'] = false;
> $conf['auth']['params']['login_block_count'] = 10;
> $conf['auth']['params']['login_block_time'] = 5;
>
>
>
> If I update the configuration while logged in to Horde as an admin, I
> can in fact list the users in LDAP. When I log out and try to log in again,
> the login process loops (redirect loop).
>
> I've had a look at the code, but I might fail to grasp some things here.
>
> In login.php I see that the user does get authenticated and at line +-250
> index.php is required (I added some debug lines of my own at the time to make
> sure that was actually happening):
>
>
>
> if ($is_auth) {
>     Horde::log(sprintf('Authenticated in logon.php %s', $is_auth), 'NOTICE');
>     if (!$vars->app) {
>         Horde::log(sprintf('Taking me back to the index'), 'NOTICE');
>         require HORDE_BASE . '/index.php'; // <-- this line takes me back to index.php
>         exit;
>
>
>
> But then I can see this inside the log output every time:
>
>      HORDE [horde] Redirect to login page if there is no incomming URL and nobody is authed url below is prepended!!  [pid 20869 on line 62 of "/usr/share/horde/index.php"]
>
> So index.php is sending me back to login.php and so forth...
>
>
>
> Am I doing something wrong in my configuration? Is something else going on?
> (Is http and ldap auth not a supported combination?)
>
>
>
> Thank you for any assistance.
> Best regards,
> Jochen

This may only happen if $registry->isAuthenticated() in login.php  
succeeds (using the transparent http authentication), but  
$registry->getAuth() in index.php fails.
You may want to trace Horde_Registry further to see why this happens.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/


