[horde] Groupware Horde 5, module passwd with 389 Directory Server
Jan Schneider
jan at horde.org
Tue Jun 13 13:00:11 UTC 2017
Please don't top-post.
Quoting wodel youchi <wodel.youchi at gmail.com>:
>
> 2016-04-12 12:07 GMT+01:00 wodel youchi <wodel.youchi at gmail.com>:
>
>> Hi and thanks,
>>
>> I am using 389 Directory Server (redhat directory server) as ldap backend.
>>
>> Regards.
>>
>> 2016-04-12 12:05 GMT+01:00 <bastian-horde-ml2015 at t6l.de>:
>>
>>> On 12Apr16 10:27 +0100, wodel youchi wrote:
>>> > Hi,
>>> >
>>> > I am trying to make the passwd module let users change their passwords.
>>> >
>>> > In the backend.php, there are two options for ldap: ldap and ldapadmin.
>>> >
>>> > I used ldapadmin with cn=Directory Manager (TLS enabled, it's required by
>>> > the 389DS) and it worked.
>>> >
>>> > Then I tried the second option (ldap), to let the user change his password
>>> > with his own credentials, but it didn't work; I get a constraint violation.
>>> >
>>> > Any idea?
>>>
>>> ldap backend works for me. What kind of ldap server do you connect to?
>>>
>>> 'constraint violation' is maybe related to a missing ppolicy overlay in
>>> your ldap server?
>>>
>>> Cheers,
>>> --
>>> Bastian
>>>
>>
>>
> Hi again,
>
> Sorry for the delay, I didn't have much time to work on it.
>
> I did a new test, this time I tried to follow the php code.
>
> This is my configuration on backends.local.php on passwd module
>
> $backends['ldap'] = array(
>     'disabled' => false,
>     'name' => 'LDAP Server',
>     'driver' => 'Ldap',
>     'policy' => array(
>         'minLength' => 8,
>         'minNumeric' => 1,
>     ),
>     'params' => array(
>         'host' => 'idm01.example.tld',
>         'port' => 389,
>         'basedn' => 'ou=people,dc=example,dc=tld',
>         'uid' => 'uid',
>         'attribute' => 'userPassword',
>         'realm' => '',
>         'filter' => '',
>         'encryption' => 'ssha',
>         'tls' => true,
>     ),
> );
>
>
>
> From *horde/passwd/lib/Driver/Ldap.php*
>
> 167         // Change the user's password and update lastchange.
> 168         try {
> 169             $entry->replace(array(
> 170                 $this->_params['attribute'] => $this->_encryptPassword($newpass)
> 171             ), true);
> 172
> 173             if (!empty($this->_params['shadowlastchange']) &&
> 174                 $lookupshadow['shadowlastchange']) {
> 175                 $entry->replace(array(
> 176                     $this->_params['shadowlastchange'] => floor(time() / 86400)
> 177                 ));
> 178             }
> 179
> 180             $entry->update();
> 181         } catch (Horde_Ldap_Exception $e) {
> 182             throw new Passwd_Exception($e);
> 183         }
> 184     }
>
> This is the part responsible for the modification of the user password,
> especially the $entry->update() call
>
> This calls the update function on */usr/share/pear/Horde/Ldap/Entry.php*
>
> 628      */
> 629     public function update()
> 630     {
> .....
> .....
> 709         foreach ($this->_changes['replace'] as $attr => $value) {
> 710             if (!@ldap_modify($link, $this->dn(), array($attr => $value))) {
> 711                 throw new Horde_Ldap_Exception('Could not replace attribute ' . $attr . ' values: ' . @ldap_error($link), @ldap_errno($link));
> 712             }
> 713             unset($this->_changes['replace'][$attr]);
> 714         }
>
> What I did is, add some output to the exception, in the 711th line (in
> blue) to look like this
>
>
> 711                 throw new Horde_Ldap_Exception('Could not replace ### value is '. $value .' ### attribute ' . $attr . ' values: ' . @ldap_error($link), @ldap_errno($link));
>
> I just printed out the value of the attribute being modified; in my case
> it's the userPassword. What I get is the string "*Array*", not the clear
> password or even an encrypted string.
>
> Next I gave a static value to ldap_modify
>
>
>
> 710             if (!@ldap_modify($link, $this->dn(), array($attr => "Mynewpass"))) {
>
> And then I executed the change password from the Webui, and this time it
> worked.
>
> I am not a php expert, but it seems to me that there is a problem passing
> the value of the attribute?
No, passing an array as the value there is perfectly valid.
--
Jan Schneider
The Horde Project
https://www.horde.org/
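
The debug line quoted above prints "Array" because PHP turns any array into that literal string when it is concatenated, so the message says nothing about what was actually sent. An added example, not Horde's code: `make_ssha` and `describe_ldap_value` are hypothetical helpers, and the {SSHA} layout is assumed to be base64(SHA-1(password + salt) + salt). It reports the shape and storage scheme of an attribute value without putting the password or its hash into an exception or log.

```php
<?php
// Added example, not Horde code. Function names are hypothetical.

/** Build an {SSHA} value (assumed layout: base64(SHA1(password . salt) . salt)). */
function make_ssha(string $password): string
{
    $salt = random_bytes(4);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

/**
 * Describe an LDAP attribute value for a log or exception message.
 * Accepts a scalar or a list of values, as ldap_modify() does, and
 * reports only type, storage scheme and length, never the value itself.
 */
function describe_ldap_value($value): string
{
    $values = is_array($value) ? array_values($value) : array($value);
    $parts = array();
    foreach ($values as $i => $v) {
        $v = (string)$v;
        if (preg_match('/^\{([A-Za-z0-9-]+)\}/', $v, $m)) {
            $parts[] = sprintf('[%d] scheme=%s len=%d', $i, strtoupper($m[1]), strlen($v));
        } else {
            $parts[] = sprintf('[%d] no scheme prefix len=%d', $i, strlen($v));
        }
    }
    return (is_array($value) ? 'array' : 'string')
        . '(' . count($values) . '): ' . implode(', ', $parts);
}

// Constructed sample values mirroring the two tests in the thread.
$attr = 'userPassword';
$fromDriver = array(make_ssha('Constructed-Pass1')); // value arrives as an array
$staticTest = 'Mynewpass';                           // the hard-coded string

echo $attr, ' => ', describe_ldap_value($fromDriver), "\n";
echo $attr, ' => ', describe_ldap_value($staticTest), "\n";
```

With the `'encryption' => 'ssha'` setting shown in the quoted configuration, the two tests differ in content (a value carrying a storage-scheme prefix versus a plain string) as well as in type (array versus string).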