[horde] Horde 5.2.13 (final)

Jens Wahnes wahnes at uni-koeln.de
Wed Dec 21 14:50:27 UTC 2016 

On Mon, Dec 19 2016, at 14:58:46 +0000, Michael J Rubinsky wrote:

> Quoting Anthony Joseph Messina <amessina at messinet.com>:
>
>> On Monday, December 19, 2016 8:28:39 AM CST Volker Then wrote:
>>> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>>> > The Horde Team is pleased to announce the final release of the Horde
>>> > Application Framework version 5.2.13.
>>>
>>> Hi Mike,
>>>
>>> did you change something on the ldap authentication mechanism lately?
>>> After updating conf.php, user logins are all denied. I reversed back
>>> to the old conf file, and authentication is working again.
>>>
>>> Volker
>>
>> It seems the following ['user'] params were added.  I use FreeIPA, so my LDAP
>> settings are as below (some lines wrapped).  With the following,
>> authentication works again.
>
> AFAIKT, there hasn't been any change to the ldap auth parameters in well 
> over a year. Where do you see that these were recently added?

I've seen similar problems with our setup.  The new version 5.2.13
requires the conf.php to be updated via the web interface. When doing
so, the "Id" line in conf.php is updated and, in our case, the
following lines were added:

$conf['ldap']['user']['uid'] = 'uid';
$conf['ldap']['user']['objectclass'] = array('*');
$conf['ldap']['user']['filter_type'] = 'objectclass';

If I remove these three lines (leaving the changed line that starts
with "// $Id" intact), LDAP authentication works fine and horde does
not complain about needing to update the "Horde" configuration file
anymore.

Could it be that the configuration editor uses a different set of
default attributes than the actual authentication code does?

I do not tend to fiddle with conf.php often, so it may well be a bug
that was not introduced lately, but has been with the configuration
editor for a while now.

Another thing about the configuration editor that has bothered me for a
quite some time is that it seems to be forgetting the
$conf['sql']['read']['hostspec'] setting. With a split-read
configuration for MySQL, it will always enter the name of the "master"
SQL server into that field unless you manually edit it to the
designated "slave" SQL server name. That is, the once correct setting
of $conf['sql']['read']['hostspec'] in conf.php is overwritten by a
wrong one unless one remembers to fix that up in the config editor.


Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://lists.horde.org/archives/horde/attachments/20161221/b5050aae/attachment.bin>

More information about the horde mailing list