[horde] Horde 5.2.13 (final)

Jens Wahnes wahnes at uni-koeln.de
Thu Dec 22 09:22:42 UTC 2016


On Wed, Dec 21 2016, at 17:25:35 +0000, Jan Schneider wrote:

> Zitat von Jens Wahnes <wahnes at uni-koeln.de>:
>> On Mon, Dec 19 2016, at 14:58:46 +0000, Michael J Rubinsky wrote:
>>> Quoting Anthony Joseph Messina <amessina at messinet.com>:
>>>> On Monday, December 19, 2016 8:28:39 AM CST Volker Then wrote:
>>>>> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>>>>> > The Horde Team is pleased to announce the final release of the Horde
>>>>> > Application Framework version 5.2.13.
>>>>> did you change something on the ldap authentication mechanism lately?
>>>>> After updating conf.php, user logins are all denied. I reversed back
>>>>> to the old conf file, and authentication is working again.
>>>> It seems the following ['user'] params were added.  I use FreeIPA,  
>>>> so my LDAP
>>>> settings are as below (some lines wrapped).  With the following,
>>>> authentication works again.
>>> AFAIKT, there hasn't been any change to the ldap auth parameters in well
>>> over a year. Where do you see that these were recently added?
>> I've seen similar problems with our setup.  The new version 5.2.13
>> requires the conf.php to be updated via the web interface. When doing
>> so, the "Id" line in conf.php is updated and, in our case, the
>> following lines were added:
>>
>> $conf['ldap']['user']['uid'] = 'uid';
>> $conf['ldap']['user']['objectclass'] = array('*');
>> $conf['ldap']['user']['filter_type'] = 'objectclass';
>>
>> If I remove these three lines (leaving the changed line that starts
>> with "// $Id" intact), LDAP authentication works fine and horde does
>> not complain about needing to update the "Horde" configuration file
>> anymore.
>>
>> Could it be that the configuration editor uses a different set of
>> default attributes than the actual authentication code does?

> So are you guys saying that having these set by default breaks the  
> existing LDAP configuration?

Yes, that's what's happening in our case at least.  If those 3 lines,
which were added automatically, are present in conf.php, logins via LDAP
fail.  Once I remove them, all is fine.

There is also very little information about what's wrong in that
"error" case in the log file -- even when logging is set to the debug
level.  There are log entries, for example, that show information being
read from and written to the horde_histories table regarding
logins.failed information as well as logins.failed informationen being
searched in Memcache.  But nothing about LDAP, e.g. no log entry about
which of the two LDAP servers we have set up via
"$conf['ldap']['hostspec']" is being used, no info about the actual
LDAP search being conducted (as opposed to SQL queries that are in fact
logged on the debug level).  Does LDAP authentication actually log
_any_ information?

> Please try the latest Horde_Core package from Git that I just committed.

I'll try to do that, although I'm more comfortable with waiting for a
new release that I can install via pear. :)


Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://lists.horde.org/archives/horde/attachments/20161222/43cb13e3/attachment.bin>


More information about the horde mailing list