[sork] passwd with LDAP driver

Amith Varghese amith@xalan.com
10 Aug 2002 17:27:25 -0400


I've read the list archives a bit and have noticed that there has been
some discussion about how exactly the LDAP driver for passwd should
work.  Currently it seems that the driver binds to the LDAP server
anonymously, retrieves the uid from the server, then rebinds to the
tree as that user, then changes the password.

However for me this is a problem because I'm making my LDAP server
available to the outside world (over ssl).  I don't want people to be
able to bind anonymously and get a list of e-mail addresses, names, etc.
So in my slapd.conf I have the following ACL

access to dn=".*,ou=People,dc=example,dc=com" attr=userPassword
        by self write
        by * auth

defaultaccess none

So, obviously the passwd module won't work for me :)

So what I've done is created a patch that allows you to do both.  In the
conf.php file you can set an optional array with the uid of the user
that should be changed.  So for example, mine looks like

$conf['server']['params']['optional'] = array (
  'userdn' => 'uid=' . Auth::getAuth() . ',ou=People,dc=example,dc=com',
);

In the ldap driver I look to see whether this optional parameter is
set.  If it is *not* set, then the code performs like it used to.  If it
*is* set then from the beginning it binds as "userdn" and skips the
searching and rebinding process.

I've also added MD5 encryption as one of the supported encryption types.

I've shuffled the code some in the ldap driver, so if there are any
stylistic changes that need to be made I can do that.  Also, I wasn't
sure how to "add" the userdn parameter.  I guess I could have put it
with the other parameters but since it's not required I moved it to a
separate one.  Let me know if anyone has comments/questions.

Thanks
Amith
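The two bind strategies described above, as an added illustration written against PHP's ldap extension; this is not the Horde passwd driver's code or the attached patch, and the function name, the ldaps:// URL and the ou=People base are assumptions taken from the message's example values.

```php
<?php
// Added example: the two bind strategies described in the message,
// written against PHP's ldap extension. Names (changeLdapPassword, the
// ou=People base) are assumptions, not the Horde passwd driver's own API.

function changeLdapPassword($url, $uid, $oldPassword, $newPassword, $userdn = null)
{
    $conn = ldap_connect($url);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    if ($userdn === null) {
        // Old behaviour: anonymous bind, look up the uid, rebind as the
        // DN found. With "by * auth" on userPassword and "defaultaccess
        // none" the anonymous search returns no entry, so this path fails.
        if (!@ldap_bind($conn)) {
            return false;
        }
        $filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($conn, 'ou=People,dc=example,dc=com', $filter, array('dn'));
        if ($result === false) {
            return false;
        }
        $entry = ldap_first_entry($conn, $result);
        if ($entry === false) {
            return false;
        }
        $userdn = ldap_get_dn($conn, $entry);
    }

    // New behaviour: bind directly as the user's DN, which "by self write"
    // permits, skipping the search and rebind entirely.
    if (!@ldap_bind($conn, $userdn, $oldPassword)) {
        return false;
    }

    // {MD5} form as added in the patch: base64 of the raw 16-byte digest.
    $hash = '{MD5}' . base64_encode(md5($newPassword, true));
    $ok = @ldap_mod_replace($conn, $userdn, array('userPassword' => $hash));
    ldap_unbind($conn);
    return $ok;
}

// Call shape matching the poster's conf.php value for 'userdn' (assumed host):
// changeLdapPassword('ldaps://ldap.example.com', 'alice', 'oldpw', 'newpw',
//                    'uid=alice,ou=People,dc=example,dc=com');
```

Binding with the user's own DN and current password is what lets the "by self write" rule authorize the modify, so no anonymous read of the tree is needed.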







A non-text attachment was scrubbed...
Name: passwd.diff
Type: text/x-patch
Size: 5311 bytes
Desc: not available
Url : http://lists.horde.org/archives/sork/attachments/36349358/passwd.diff
