[sork] Patch - passwd - LDAP Driver improvements for ActiveDirectory interoperability

LRM lrm at ionline.com.br
Mon May 3 08:35:18 PDT 2004


Jan,

Attached is a new revision of the patch, this time with your suggestion: I
removed the _sslconnect function and replaced it with a Boolean parameter
added to _connect to indicate it's an SSL connection.

Still we need to use the 'sslhost' parameter because on SSL connections, the
name on the server certificate must match exactly the name of the host you
are connecting to, else you'll get errors connecting over SSL.

So since this is a change password operation only, the presence of the
'sslhost' parameter is enough to tell the code to use ssl on the exact
specified host only when changing the passwords.

So if the 'sslhost' parameter is missing, the code will use the normal
'host' and 'port' parameters to try changing the passwords.

For the other bind and search operations, the 'host' and 'port' parameters
are still used as before, non-SSL.

Let me know any issues you may find here, thanks.

LRM


Quoting LRM <lrm at ionline.com.br>:

> HEAD - Here's a small patch that adds some features to the original passwd
> LDAP driver, looking for improvements on the Active Directory
> interoperability.
>
>
>
> New attribute 'sslhost' for secure connections to the LDAP Server (a URL
> must be used here, "ldaps://localhost/", because of certificate issues).
>
> New function _sslconnect, used only when parameter 'sslhost' is present.

As _sslconnect is actually almost identical to _connect, it would make
more sense to me to use a boolean 'ssl' parameter and prefix the original
host with ldaps:/ in _connect, if set.

> _lookupdn now tries to connect as the current logged user first, then as
> guest if it fails.
>
> changePassword now also tries to connect using the realm parameter to log in
> as the current user on AD.

Can someone using the plain LDAP driver please verify that this patch
doesn't break anything there?

> Needed this when trying to change users' passwords from passwd Horde
> application on Active Directory domain.

Thanks for the patch. Before submitting a new version, please review the
indentation in your added code.

Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - New ways of learning
http://www.tip4all.de - Your private betting pool
-------------- next part --------------
A non-text attachment was scrubbed...
Name: passwd.lib.driver.ldap.php.patch
Type: application/octet-stream
Size: 3658 bytes
Desc: not available
Url : http://lists.horde.org/archives/sork/attachments/20040503/addb83eb/passwd.lib.driver.ldap.php-0001.obj

