[horde] passwd again

Wed Nov 16 15:03:24 UTC 2016


On 11/16/2016 03:23 PM, Hendrik Noack wrote:
>> -----Ursprüngliche Nachricht-----
>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von Frank
>> Lienhard
>> Gesendet: Mittwoch, 16. November 2016 15:14
>> An: horde at lists.horde.org
>> Betreff: Re: [horde] passwd again
>>
>>
>>
>> On 11/16/2016 03:00 PM, Hendrik Noack wrote:
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von
>>>> Frank Lienhard
>>>> Gesendet: Mittwoch, 16. November 2016 14:45
>>>> An: horde at lists.horde.org
>>>> Betreff: Re: [horde] passwd again
>>>>
>>>>
>>>>
>>>> On 11/16/2016 01:32 PM, Arjen de Korte wrote:
>>>>> Citeren Frank Lienhard <frank at mclien.de>:
>>>>>
>>>>>> I installed passwd according to official doku via pear.
>>>>>>
>>>>>> But I get:
>>>>>> No backend configured for this host when trying to change passwords
>>>>>> as user.
>>>>>>
>>>>>> I understand there is some backend to configure, but I lack the
>>>>>> knowledge where to define and more important what backend (most
>>>> post
>>>>>> talk about ldap, which seams wrong in my setup, since I don't use
>>>>>> any ldap server. So what is the default way of how horde organizes
>>>>>> user/passwd)?
>>>>>
>>>>> Horde by default uses the IMAP server to authenticate users. If you
>>>>> didn't change that, you're the only one who can tell how your IMAP
>>>>> server authenticates users. The backend you need to configure,
>>>>> depends on the method your IMAP server uses.
>>>>>
>>>>>
>>>>>
>>>> Is that still so, if I use the groupware variante of horde (without
>>>> the
>>> webmail
>>>> part) ?
>>>
>>> So how do you organize your user accounts? The webinterface offers
>>> quite a lot of options for user authentication, even if you don't use
>>> an IMAP server. If you have local user accounts only on that server,
>>> you could use PAM for authentication, simply because most linux
>>> distributions have PAM already set up. If you have a Microsoft
>>> environment with Active Directory running, LDAP ist he way to go,
>>> since AD is just a little different from normal LDAP. There a lots of
> good
>> tutorials out there for AD.
>>>
>>> I personally use the webmail edition. User authentication is done via
>>> PAM, but not in Horde directly. I have my SMTP and IMAP server set to
>>> authenticate users against PAM. I have my users and groups in an
>>> Active Directory which is connected to PAM via winbind (or sssd in
>>> newer installations). That way I can ues different services, but
>>> always the same authentication mechanism.
>>
>> What I did is I installed the grouware edition and didn't touch the
> default
>> values that com with it (except forcing horde to https).
>> I then installed the passwd module to let the users change their own
> passwd,
>> which apparently won't work in this combination.
>> I use the horde admin user to genereate new users.
>>
>> The default setting of the groupware edition has the following setting for
>> that:
>> Configuration -Authentication -  $conf[auth][driver] is set to SQL
>> Authentcation and $conf[auth][params][driverconfig] to horde defaults
>>
>> LDAP and IMAP servers are disabled by default.
>>
>> So somehow passwd seems not to be able to communicate with the SQL
>> driver?
> 
> Ok I think I can't give you any better advice, because I never used SQL
> authentication.
> There is a lot of options in the web interface for SQL auth, so I assume
> your SQL auth is working fine apart from passwd?
exactly

> 
> https://www.horde.org/apps/passwd/docs/INSTALL/#configuring-passwd
there are only some settings, from which only
$conf[backend][backend_list] seems fitting. Descriptioin text is:
" Should we display a list of backends (defined in config/backends.php)
for users to choose from? If 'hidden', then you can use the 'preferred'
mechanism in backends.local.php to auto-select based on an HTTP
virtualhost or another piece of data. If 'shown', the user will be able
to pick from any of the options."
> 
> Sound like you just need a few settings in the web interface to get it
> running. Sorry, maybe someone else with SQL auth experience can help you.
> 
The above seems to imply, that it is expected that you do the
confguration of the backend directly in the config files. I looked into
it and found (in .../horde/passwd/config/backends.php), that by default
ALL backends are set to "'disabled' => true,"
So I think I need to have a backend confg file to edit. Preferable
generate a backends.local.php instead of editing backends.php

There are 2 sql backends, though:
"hordesql"  and "sql"  (and there is also a "hordeauth", which seems the
wrong option to me , since the "$conf[auth][driver]" is set to SQL)