[sork] Re: Passwd changing IMP + LDAP + POP3

Eric Rostetter eric.rostetter@physics.utexas.edu
Fri, 28 Jun 2002 09:51:36 -0500


Quoting dystopia@scholieren.com:

> On Thu, Jun 27, 2002 at 11:32:49PM -0500, Eric Rostetter wrote:
> > I don't run ldap (yet) so that is pretty much like gibberish to me. 
> > But I think the key is the "by self write" based on my discussions with
> > two other people running ldap.
> 
> Yeah. I saw you currently just login using rootdn to change a
> userPassword but actually a user can authenticate to LDAP themselves
> like they do when logging in to Horde/IMP itself. 

I like this method, and am willing to switch to it if I get enough
support.  With you, there are now 2 for the switch, 1 against.  So if
you want I can make the change now ;)

> LDAP is very restrictive in this matter. Ie. only userPassword can be
> changed. When writing a configuration tool in PHP in which you want a
> user to be able to change their aliases for example, you can add these
> attributes in your ldap conf as well. But I don't think Horde/IMP is
> aimed to this, right? In the future it might be interesting as an
> option/plugin :)

I don't know if this would be generally useful or not.  So I won't commit
to anything at this point.
 
> > Yes, which sounds like a good idea.  BTW, are your passwords stored clear
> > text or encrypted?  If encrypted, what encryption scheme are you using?
> 
> I'm currently using crypt, standard scheme used by phpQLAdmin, a
> configuration utility for Qmail-LDAP. It supports SHA and MD5 as well
> for passwords longer than 8 characters, but LDAP does not support
> hashes. Source of this info is here:
> http://www.adfinis.ch/projects/phpQLAdmin/demo/doc/faq.php

Okay.

> When I tried your passwd addon and filled in the correct password I get
> this:
> 
> Fatal error: Call to undefined function: mhash() in
> /home/www/iis/webmail/passwd/ldap.php on line 44

Yes, the current code uses the mhash() function of the mcrypt php extension
to create the SHA hash.  This error means you don't have mcrypt enabled
in php.  We can remove this dependency.
 
> > Well, it was based on the help I could get.  If you want to help test/debug
> > the current code, I'll gladly change it for your setup.  :) 
> 
> I'd like to, but I don't know PHP. I'm trying to read your source but
> editing it I cannot. I do want to help you setting up an LDAP server
> (although it's not that hard as some people say it is) or by
> contributing giving you information I gave you in this mail and by
> testing the CVS regularly. I can also provide Dutch translations.

At this time, what I would need would be:

1) People to test out the code and give feedback.
2) Help documenting the module's ldap support.
3) Dutch translations.

I don't need programmers.  I need testers, and people who know/use ldap to
help with the INSTALL documentation, etc.

> > I just need volunteers.  BTW, if you are interested, please sign up for
> > my "sork" mailing list so we can discuss it there.  Info at 
> > http://lists.horde.org/mailmain/listinfo/sork/
> 
> Done :) unfortunately the archives do not work; I get 404's. I will
> refer people from IRC who are interested into this to the project and
> mailing list as well.

Okay, well, there were no messages on the list, so that may be why the archives
didn't work.  This is the 2nd message to the list (as far as I know) so maybe
it will work now?

> Kind regards & good luck,
> Jeroen

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.
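
The self-bind approach discussed in this thread, as an added example that is not the passwd module's code: the user binds with their own DN and old password, so the change depends on the server's "by self write" ACL instead of rootdn credentials, and the hash is built without mhash(). It uses salted {SSHA} rather than the plain SHA hash mentioned above and assumes PHP 7+ with the ldap extension; the URI, base DN and uid= DN layout are hypothetical.

```php
<?php
// Added example, not the passwd module's code. Assumes PHP 7+ with the ldap
// extension; the URI, base DN and uid=<user>,<base> layout are hypothetical.

// {SSHA} value from core PHP only (sha1() + random_bytes()), no mhash().
function ssha_password(string $plain): string
{
    $salt = random_bytes(8);
    // Format: base64( SHA1(password . salt) . salt )
    return '{SSHA}' . base64_encode(sha1($plain . $salt, true) . $salt);
}

function change_own_password(string $uri, string $baseDn, string $uid,
                             string $old, string $new): void
{
    // A simple bind with an empty password is treated as anonymous and can
    // "succeed", so reject it before talking to the server.
    if ($old === '' || $new === '') {
        throw new InvalidArgumentException('Empty password');
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('Bad LDAP URI');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!ldap_start_tls($ds)) {           // keep both passwords off the wire
        throw new RuntimeException('StartTLS failed');
    }
    // Escape the login name so it cannot alter the DN.
    $dn = 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . $baseDn;

    // Bind as the user, not as rootdn: the server's ACL decides what may change.
    if (!@ldap_bind($ds, $dn, $old)) {
        throw new RuntimeException('Old password rejected');
    }
    // Succeeds only if the ACL grants "by self write" on userPassword.
    $ok = ldap_mod_replace($ds, $dn, ['userPassword' => [ssha_password($new)]]);
    ldap_unbind($ds);
    if (!$ok) {
        throw new RuntimeException('Server refused the password change');
    }
}
```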