[sork] Re: Passwd changing IMP + LDAP + POP3

[Mattias Webjörn Eriksson]

Hello, just subscribed.
I'm running horde using the ldap part of passwd module, partly modified to
let users authenticate themselves to ldap and change their own passwords.
It works fine.
I see one advantage with this approach and that is not letting root
passwords "lying arround" in textfiles.

Thanks anyway for a nice module.

Best Regards
Mattias Webjörn Eriksson

On Fri, 28 Jun 2002, Edwin Culp wrote:

> Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:
>
>  | Quoting dystopia@scholieren.com:
>  |
>  | > On Thu, Jun 27, 2002 at 11:32:49PM -0500, Eric Rostetter wrote:
>  | > > I don't run ldap (yet) so that is pretty much like jibberish to me=
.
>  | > > But I think the key is the "by self write" based on my discussions=
 with
>  | > > two other people running ldap.
>  | >
>  | > Yeah. I saw you currently just login using rootdn to change a
>  | > userPassword but actually a user can authenticate to LDAP theirselve=
s
>  | > like they do when logging in to Horde/IMP itself.
>  |
>  | I like this method, and am willing to switch to it if I get enough
>  | support.  With you, there are now 2 for the switch, 1 against.  So if
>  | you want I can make the change now ;)
>
> Please make that three for the switch:-)
>
>
>  |
>  | > LDAP is very restrictive in this matter. Ie. only userPassword can b=
e
>  | > changed. When writing a configuration tool in PHP in which you want =
a
>  | > user to be able to change their aliases for example, you can add the=
se
>  | > attributes in your ldap conf as well. But I don't think Horde/IMP is
>  | > aimed to this, right? In the future it might be interesting as an
>  | > option/plugin :)
>  |
>  | I don't know if this would be generally useful or not.  So I won't com=
mit
>  | to anything at this point.
>  |
>  | > > Yes, which sounds like a good idea.  BTW, are your passwords store=
d
>  | clear
>  | > > text or encrypted?  If encrypted, what encryption scheme are you u=
sing?
>  | >
>  | > I'm currently using crypt, standard scheme used by phpQLAdmin, a
>  | > configuration utility for Qmail-LDAP. It supports SHA and MD5 as wel=
l
>  | > for passwords longer then 8 characters, but LDAP does not support
>  | > hashes. Source of this info is here:
>  | > http://www.adfinis.ch/projects/phpQLAdmin/demo/doc/faq.php
>  |
>  | Okay.
>  |
>  | > When i tried your passwd addon and filled in the correct password i =
get
>  | > this:
>  | >
>  | > Fatal error: Call to undefined function: mhash() in
>  | > /home/www/iis/webmail/passwd/ldap.php on line 44
>  |
>  | Yes, the current code uses the mhash() funtion of the mcrypt php exten=
sion
>  | to create the SHA hash.  This error means you don't have mcrypt enable=
d
>  | in php.  We can remove this dependency.
>
> I think I also had to add a --with-mhash to my compile in addition to mcr=
ypt
> but I have a --with overload sometimes.
>
> I will be trying to help out with sork.  I can see it becoming a general
> purpose source of webbased, horde admin tools.
>
> ed
>
> --
> Sork mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: sork-unsubscribe@lists.horde.org
>
>