[sork] Re: Passwd changing IMP + LDAP + POP3

Edwin Culp eculp@encontacto.net
Fri, 28 Jun 2002 19:21:55 -0700


Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:

 | Quoting Edwin Culp <eculp@encontacto.net>:
 | 
 | >  | Please test it and let me know what happens.
 | > 
 | > It works if your acl's allow anonymous reads -- or writes :-)  My work
 | 
 | Are you saying you don't allow anonymous reads??? 
 
No, I don't, and I use ldap for apache, courier, horde/turba and even prefs.

 | Maybe you allow only anonymous auth?  

I use something like this:
        by      self    write
        by      anonymous       auth
        by      *       none

 | Is it possible to allow both read+auth???
Yes, just change the above none to read.

Why would I want/need anonymous reads?  I like to give my users privacy,
and the ACLs keep the individual addressbook entries private and 
secure, among other things, in turba. If there is a better and/or 
simpler way, I would love to know it. I'm constantly battling with ldap :-)

 | 
 | > around is to change the method for determining the user's dn in ldap.php
 | > 
 | >     function lookupdn($user, $realm, $basedn, $uid) {
 | > //      $sr = ldap_search($this->ds, $basedn, "$uid=$user@$realm");
 | > //      $entry = ldap_first_entry($this->ds, $sr);
 | > //      $dn = ldap_get_dn($this->ds, $entry);
 | >       $dn = $basedn;
 | >       return $dn;
 | >     }
 | > 
 | > Which makes the function a place holder, at best, for now.
 | 
 | Would it help if there were two connect/lookup routines -- one that would
 | login as root and look up the user, the other which would login as 
 | anonymous/guest and lookup the user?  Then you would configure which one
 | to use in the conf.php file???

Personally, I don't have a problem with it the way it is.  I prefer to
just bind with a dn and password and skip the anonymous lookup.  I'm very
interested in other folks' opinions because there are many different ways
to configure ldap.

 | 
 | > In my conf.php I just added the following as basedn
 | > 
 | > basedn => 'mail=' . $usermail . ',ou=people,o=worldinternet.org',
 | > 
 | > That way I do not depend on an anonymous search to find the dn that fails
 | > with read permission.
s/with/without/ above.
 | 
 | Does this always fail, or just in some installations/setups???

IMO, this will always fail without anonymous read in the ACLs.  When I 
enabled read to test, it seemed to work fine. 

I think this is a fantastic program and appreciate your contributing it.

Thanks and have a great weekend,

ed
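The two lookup strategies discussed in the thread (building the DN from a template so no anonymous search is needed, versus binding as a dedicated account to search for it), followed by a password change authorised by the user's own bind, as an added example in PHP; this is not Horde's ldap.php, and the function names, the `%u` template placeholder, the service-account DN and the server address are assumptions for illustration.

```php
<?php
// Added example, not code from IMP/Horde. Both strategies work under the
// thread's ACL ("by self write / by anonymous auth / by * none"), because
// neither relies on an anonymous read.

// Strategy 1: derive the DN from a template (what the basedn trick in
// conf.php does). Only works when the RDN is predictable from the login.
function lookupdn_template($usermail, $template) {
    // Escape the value so a crafted login cannot inject extra RDNs.
    return str_replace('%u', ldap_escape($usermail, '', LDAP_ESCAPE_DN), $template);
}

// Strategy 2: bind as a service account (assumed name) that the ACL grants
// read on the lookup attribute, then search. Refuse anything but one match.
function lookupdn_search($ds, $basedn, $uid, $user, $realm, $svc_dn, $svc_pw) {
    if (!@ldap_bind($ds, $svc_dn, $svc_pw)) {
        return false;
    }
    $filter = '(' . $uid . '=' . ldap_escape("$user@$realm", '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ds, $basedn, $filter, array('dn'));
    if ($sr === false || ldap_count_entries($ds, $sr) !== 1) {
        return false;   // no entry, or an ambiguous match: do not guess
    }
    return ldap_get_dn($ds, ldap_first_entry($ds, $sr));
}

// Whichever way the DN was found, the change is authorised by the user's
// own bind ("by self write"), never by the service account's rights.
function change_password($ds, $dn, $oldpw, $newpw) {
    if (!@ldap_bind($ds, $dn, $oldpw)) {
        return false;   // wrong current password or unknown DN
    }
    // Password Modify extended operation (PHP >= 7.2): the server applies
    // its own hashing instead of storing whatever string we send.
    return ldap_exop_passwd($ds, $dn, $oldpw, $newpw);
}

// Usage; server, realm and service credentials are placeholders.
$ds = ldap_connect('ldap://ldap.example.org');
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

$dn = lookupdn_template('ed@example.org', 'mail=%u,ou=people,o=worldinternet.org');
// or: $dn = lookupdn_search($ds, 'ou=people,o=worldinternet.org', 'mail',
//          'ed', 'example.org', 'cn=imp,ou=services,o=worldinternet.org', 'svc-secret');

if ($dn === false || !change_password($ds, $dn, 'current-pass', 'new-pass')) {
    echo "password change refused\n";
}
```

With the template strategy the ACL can stay at `by * none`; the search strategy only needs the service account granted read on the lookup attribute, not anonymous read for everyone.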