[sork] Re: Passwd changing IMP + LDAP + POP3

Mattias Webjörn Eriksson mattias@webjorn.org
Fri, 28 Jun 2002 19:24:36 +0200 (MEST)


Hello, just subscribed.
I'm running horde using the ldap part of passwd module, partly modified to
let users authenticate themselves to ldap and change their own passwords.
It works fine.
I see one advantage with this approach and that is not letting root
passwords "lying arround" in textfiles.

Thanks anyway for a nice module.

Best Regards
Mattias Webjörn Eriksson

On Fri, 28 Jun 2002, Edwin Culp wrote:

> Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:
>
>  | Quoting dystopia@scholieren.com:
>  |
>  | > On Thu, Jun 27, 2002 at 11:32:49PM -0500, Eric Rostetter wrote:
>  | > > I don't run ldap (yet) so that is pretty much like jibberish to me=
.
>  | > > But I think the key is the "by self write" based on my discussions=
 with
>  | > > two other people running ldap.
>  | >
>  | > Yeah. I saw you currently just login using rootdn to change a
>  | > userPassword but actually a user can authenticate to LDAP theirselve=
s
>  | > like they do when logging in to Horde/IMP itself.
>  |
>  | I like this method, and am willing to switch to it if I get enough
>  | support.  With you, there are now 2 for the switch, 1 against.  So if
>  | you want I can make the change now ;)
>
> Please make that three for the switch:-)
>
>
>  |
>  | > LDAP is very restrictive in this matter. Ie. only userPassword can b=
e
>  | > changed. When writing a configuration tool in PHP in which you want =
a
>  | > user to be able to change their aliases for example, you can add the=
se
>  | > attributes in your ldap conf as well. But I don't think Horde/IMP is
>  | > aimed to this, right? In the future it might be interesting as an
>  | > option/plugin :)
>  |
>  | I don't know if this would be generally useful or not.  So I won't com=
mit
>  | to anything at this point.
>  |
>  | > > Yes, which sounds like a good idea.  BTW, are your passwords store=
d
>  | clear
>  | > > text or encrypted?  If encrypted, what encryption scheme are you u=
sing?
>  | >
>  | > I'm currently using crypt, standard scheme used by phpQLAdmin, a
>  | > configuration utility for Qmail-LDAP. It supports SHA and MD5 as wel=
l
>  | > for passwords longer then 8 characters, but LDAP does not support
>  | > hashes. Source of this info is here:
>  | > http://www.adfinis.ch/projects/phpQLAdmin/demo/doc/faq.php
>  |
>  | Okay.
>  |
>  | > When i tried your passwd addon and filled in the correct password i =
get
>  | > this:
>  | >
>  | > Fatal error: Call to undefined function: mhash() in
>  | > /home/www/iis/webmail/passwd/ldap.php on line 44
>  |
>  | Yes, the current code uses the mhash() funtion of the mcrypt php exten=
sion
>  | to create the SHA hash.  This error means you don't have mcrypt enable=
d
>  | in php.  We can remove this dependency.
>
> I think I also had to add a --with-mhash to my compile in addition to mcr=
ypt
> but I have a --with overload sometimes.
>
> I will be trying to help out with sork.  I can see it becoming a general
> purpose source of webbased, horde admin tools.
>
> ed
>
> --
> Sork mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: sork-unsubscribe@lists.horde.org
>
>