[horde] Groupware Horde 5, module passwd with 389 Directory Server
wodel youchi
wodel.youchi at gmail.com
Tue Jun 13 12:37:27 UTC 2017
Hi again,
Sorry for the delay, I didn't have much time to work on it.
I did a new test; this time I tried to follow the PHP code.
This is my configuration in backends.local.php for the passwd module:

    $backends['ldap'] = array(
        'disabled' => false,
        'name' => 'LDAP Server',
        'driver' => 'Ldap',
        'policy' => array(
            'minLength' => 8,
            'minNumeric' => 1,
        ),
        'params' => array(
            'host' => 'idm01.example.tld',
            'port' => 389,
            'basedn' => 'ou=people,dc=example,dc=tld',
            'uid' => 'uid',
            'attribute' => 'userPassword',
            'realm' => '',
            'filter' => '',
            'encryption' => 'ssha',
            'tls' => true,
        ),
    );

From horde/passwd/lib/Driver/Ldap.php:

            // Change the user's password and update lastchange.
            try {
                $entry->replace(array(
                    $this->_params['attribute'] => $this->_encryptPassword($newpass)
                ), true);

                if (!empty($this->_params['shadowlastchange']) &&
                    $lookupshadow['shadowlastchange']) {
                    $entry->replace(array(
                        $this->_params['shadowlastchange'] => floor(time() / 86400)
                    ));
                }

                $entry->update();
            } catch (Horde_Ldap_Exception $e) {
                throw new Passwd_Exception($e);
            }
        }

This is the part responsible for the modification of the user password,
especially the $entry->update() call.
This calls the update function in /usr/share/pear/Horde/Ldap/Entry.php:

    628      */
    629     public function update()
    630     {
    .....
    .....
    709         foreach ($this->_changes['replace'] as $attr => $value) {
    710             if (!@ldap_modify($link, $this->dn(), array($attr => $value))) {
    711                 throw new Horde_Ldap_Exception('Could not replace attribute ' . $attr . ' values: ' . @ldap_error($link), @ldap_errno($link));
    712             }
    713             unset($this->_changes['replace'][$attr]);
    714         }

What I did was add some output to the exception on line 711 (in blue) so
that it looks like this:

    711                 throw new Horde_Ldap_Exception('Could not replace ### value is '. $value .' ### attribute ' . $attr . ' values: ' . @ldap_error($link), @ldap_errno($link));

I just printed out the value of the attribute being modified, which in my
case is userPassword. What I get is the string "Array", not the clear
password or even an encrypted string.
Next I gave a static value to ldap_modify:

    710             if (!@ldap_modify($link, $this->dn(), array($attr => "Mynewpass"))) {

And then I executed the password change from the web UI, and this time it
worked.
I am not a PHP expert, but it seems to me that there is a problem passing
the value of the attribute?
Regards.
2016-04-12 12:07 GMT+01:00 wodel youchi <wodel.youchi at gmail.com>:
> Hi and thanks,
>
> I am using 389 Directory Server (redhat directory server) as ldap backend.
>
> Regards.
>
> 2016-04-12 12:05 GMT+01:00 <bastian-horde-ml2015 at t6l.de>:
>
>> On 12Apr16 10:27 +0100, wodel youchi wrote:
>> > Hi,
>> >
>> > I am trying to make the passwd module let users change their passwords.
>> >
>> > In the backend.php, there are two options for ldap: ldap and ldapadmin.
>> >
>> > I used ldapadmin with cn=Directory Manager (TLS enabled, it's required
>> > by the 389DS) and it worked.
>> >
>> > Then I tried the second option (ldap), to let the user change his
>> > password with his own credentials, but it didn't work, I get constraint
>> > violation.
>> >
>> > any idea?
>>
>> ldap backend works for me. What kind of ldap server do you connect to?
>>
>> 'constraint violation' is maybe related to a missing ppolicy overlay in
>> your ldap server?
>>
>> Cheers,
>> --
>> Bastian
>>
>
>
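
The debug line added at line 711 prints "Array" because that is what PHP yields when any array is concatenated into a string, and printing the real value would put the password in the exception text. As an added example (not part of the original message or of Horde; describeLdapValue() is a hypothetical helper and the sample values are constructed), this reports the value's type, count and storage-scheme prefix while redacting the secret:

```php
<?php
// Added example, not Horde code; describeLdapValue() is a hypothetical helper.

/**
 * Describe an attribute value for an exception or log message without
 * printing the value itself.
 */
function describeLdapValue(string $attr, $value, array $secretAttrs = ['userpassword']): string
{
    $values = is_array($value) ? array_values($value) : [$value];
    $redact = in_array(strtolower($attr), $secretAttrs, true);
    $parts  = [];
    foreach ($values as $v) {
        $v = (string) $v;
        if ($redact) {
            // Keep only a storage-scheme prefix such as {SSHA}, if there is one.
            $scheme  = preg_match('/^\{[A-Za-z0-9-]+\}/', $v, $m) ? $m[0] : '(no scheme prefix)';
            $parts[] = sprintf('%s <%d bytes redacted>', $scheme, strlen($v));
        } else {
            $parts[] = var_export($v, true);
        }
    }
    return sprintf('%s(%d): [%s]', gettype($value), count($values), implode(', ', $parts));
}

// Constructed sample values: a salted SHA-1 string in the common {SSHA}
// layout, base64(sha1(password . salt) . salt), and the static string from
// the test above. Neither comes from a real directory.
$salt    = random_bytes(4);
$hashed  = '{SSHA}' . base64_encode(sha1('Mynewpass' . $salt, true) . $salt);
$wrapped = array($hashed);

// Concatenating an array gives "Array" whatever it contains
// (PHP also raises an "Array to string conversion" notice or warning).
echo @('naive:  value is ' . $wrapped), PHP_EOL;

echo 'array:  ', describeLdapValue('userPassword', $wrapped), PHP_EOL;
echo 'static: ', describeLdapValue('userPassword', 'Mynewpass'), PHP_EOL;
echo 'other:  ', describeLdapValue('shadowLastChange', array('17330')), PHP_EOL;
```

The "array" and "static" lines differ in both type and scheme prefix, which is the comparison the two tests in the message set up.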