[sork] Passwd and LDAP problems

Edwin Culp eculp at encontacto.net
Mon Jun 7 13:42:12 PDT 2004


Quoting AJ <aj at mindcrash.com>:

> Ed,
>    Here is the output.
> If you look at the filter= line, it does not seem to be grabbing the @ which is
> part of the uid.
> Maybe I need to specify a userdn somehow?

AJ,

Now I understand.  In IMP there is a hook that takes care of
adding the @domain.tld, but in horde I'm not aware of one and
for some reason, that I don't remember right now, I didn't use
the realm.  What I did, that I can't recommend, was modify
Auth.php.
Quick and dirty, I substituted
    $userId = trim($userId);
for
    $userId = trim($userId) . '@' .
        string::lower(preg_replace('|^mail\.|i', '', getenv('HTTP_HOST')));

That way it just adds the @domain name that I am accessing with
apache to the UID that in my case is mail.

I did this some time ago and had actually forgotten about it.
Thanks for reminding me :)  It would seem that the same could be
done with the preauthenticate hook, at least in head.

Not too much help and/or not the best solution but it has worked
for me for some time although I am going to look at the
preauthenticate hook as possibly a cleaner solution.

Thanks,

ed
>
> Thanks.
> AJ
>
> Jun  7 15:01:12 linux-beta slapd[7956]: conn=70 fd=19 ACCEPT from IP=127.0.0.1:32959 (IP=0.0.0.0:389)
> Jun  7 15:01:12 linux-beta slapd[7959]: bind: invalid dn (john.smith@domain.com)
> Jun  7 15:01:12 linux-beta slapd[7959]: conn=70 op=0 RESULT tag=97 err=34 text=invalid DN
> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 op=1 BIND dn="" method=128
> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 op=1 RESULT tag=97 err=0 text=
> Jun  7 15:01:12 linux-beta slapd[7959]: conn=70 op=2 SRCH base="ou=users,dc=domain,dc=com" scope=2 filter="(uid=john.smith)"
> Jun  7 15:01:12 linux-beta slapd[7959]: conn=70 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 op=3 UNBIND
> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 fd=19 closed
>
> Quoting Edwin Culp <eculp at encontacto.net>:
>
>> Quoting AJ <aj at mindcrash.com>:
>>
>>> Hi,
>>>   I am using IMP for authentication against a cyrus imap server, which in turn
>>> authenticates against an LDAP directory.
>>
>> What does your slapd.log file show when trying to change the
>> password?
>>
>> I just checked mine in head and get:
>>
>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=0 BIND dn="mail=eculp@mymail.org,ou=people,o=mydomain.org" mech=SIMPLE ssf=0
>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=0 RESULT tag=97 err=0 text=
>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=1 MOD dn="mail=eculp@mymail.org,ou=people,o=mydomain.org"
>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=1 MOD attr=userPassword
>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=1 RESULT tag=103 err=0 text=
>>
>> The last two lines show the attribute modified and the last line
>> shows success.
>>
>> ed
>>
>>> My uid's are in the form of firstname.lastname@domain.com.
>>> I am NOT using realms with horde.  Passwd does not seem to work with or without
>>> the realm setting in backends.php.  What do I need to do to get this to work?
>>> I keep getting a user not found error.  It seems to be ignoring the @ sign.
>>> Here is backends.php:
>>>
>>> $backends['ldap'] = array(
>>>     'name' => 'LDAP',
>>>     'preferred' => 'localhost',
>>>     'password policy' => array(
>>>         'minLength' => 3,
>>>         'maxLength' => 8
>>>     ),
>>>     'driver' => 'ldap',
>>>     'params' => array(
>>>         'host' => 'localhost',
>>>         'port' => 389,
>>>         'basedn' => 'ou=users,dc=domain,dc=com',
>>>         'uid' => 'uid',
>>>         'realm' => 'domain.com',
>>>         'encryption' => 'ssha',
>>>         'tls' => false // make sure the host == cn in the server certificate
>>>     )
>>> );
>>>
>>>
>>> Thanks!
>>> AJ
>>>
>>> --
>>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org





More information about the sork mailing list
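
The Auth.php edit in the reply above builds the LDAP uid from the HTTP Host header, which is supplied by the client. As an added example (not code from the original post or from Horde), the same qualification step is written here as a stand-alone function that accepts only configured domains and escapes the value for the search filter. The names `qualifyUserId`, `uidFilter` and `$allowed` are hypothetical, the sample inputs are constructed, and PHP's ldap extension is assumed for `ldap_escape()`.

```php
<?php
// Added example, not Horde code. qualifyUserId(), uidFilter() and $allowed
// are hypothetical names; the sample hosts and user names are constructed.

// Append "@domain" to a bare login name, deriving the domain from the Host
// header as the Auth.php edit does. Returns null when the input is rejected.
function qualifyUserId($userId, $httpHost, array $allowedDomains)
{
    $userId = trim($userId);
    if ($userId === '') {
        return null;
    }
    // Already qualified: keep it only if its domain is one we serve.
    if (strpos($userId, '@') !== false) {
        list($local, $domain) = explode('@', $userId, 2);
        $domain = strtolower($domain);
        if ($local === '' || !in_array($domain, $allowedDomains, true)) {
            return null;
        }
        return $local . '@' . $domain;
    }
    // The Host value may carry a port ("mail.domain.com:443"); drop it,
    // then strip the leading "mail." as the original one-liner does.
    $host = strtolower(preg_replace('/:\d+$/', '', trim((string) $httpHost)));
    $domain = preg_replace('|^mail\.|', '', $host);
    // Host is client-controlled: accept it only if it is a configured domain.
    if (!in_array($domain, $allowedDomains, true)) {
        return null;
    }
    return $userId . '@' . $domain;
}

// Build the search filter with the value escaped for LDAP filter syntax.
function uidFilter($uidAttr, $qualifiedUid)
{
    return '(' . $uidAttr . '=' . ldap_escape($qualifiedUid, '', LDAP_ESCAPE_FILTER) . ')';
}

$allowed = array('domain.com');                    // constructed sample config
$cases = array(
    array('john.smith', 'mail.domain.com'),        // bare name, known host
    array(' john.smith ', 'MAIL.Domain.com:443'),  // whitespace, case, port
    array('john.smith', 'mail.other.example'),     // host not on the allowlist
    array('j*', 'mail.domain.com'),                // filter metacharacter
);
foreach ($cases as $c) {
    $uid = qualifyUserId($c[0], $c[1], $allowed);
    echo $uid === null ? "rejected\n" : uidFilter('uid', $uid) . "\n";
}
```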