[sork] Passwd and LDAP problems

AJ aj at mindcrash.com
Mon Jun 7 15:02:48 PDT 2004 

Ed,
   Thanks for the reply.
I have also tried to use the realm in backends.php, which did not work 
either, did you try this?
Does anyone have a solution to this?
I am going to post this as a bug.

Thanks.
AJ

Edwin Culp wrote:
> Quoting AJ <aj at mindcrash.com>:
> 
>> Ed,
>>    Here is the output.
>> If you look at the filter= line, it does not seem to be grabbing the @
>> which is
>> part of the uid.
>> maybe I need to specify a userdn somehow?
> 
> 
> AJ,
> 
> Now I understand.  In IMP there is a hook that takes care of
> adding the @domain.tld, but in horde I'm not aware of one and
> for some reason, that I don't remember right now, I didn't use
> the realm.  What I did, that I can't recommend, was modify
> Auth.php.
> Quick and dirty, I substituted
>      $userId = trim($userId);
> for
>    $userId = trim($userId) . '@' .
> string::lower(preg_replace('|^mail\.|i', '',
> getenv('HTTP_HOST')));
> 
> That way it just adds the @domain name that I am accessing with
> apache to the UID that in my case is mail.
> 
> I did this some time ago and had actually forgotten about it.
> Thanks for reminding me :)  It would seem that the same could be
> done withthe preauthenticate hook, at least in head.
> 
> Not too much help and/or not the best solution but it has worked
> for me for some time although I am going to look at the
> preauthenticate hook as possibly a cleaner solution.
> 
> Thanks,
> 
> ed
> 
>>
>> Thanks.
>> AJ
>>
>> Jun  7 15:01:12 linux-beta slapd[7956]: conn=70 fd=19 ACCEPT from
>> IP=127.0.0.1:32959 (IP=0.0.0.0:389)
>> Jun  7 15:01:12 linux-beta slapd[7959]: bind: invalid dn
>> (john.smith at domain.com)
>> Jun  7 15:01:12 linux-beta slapd[7959]: conn=70 op=0 RESULT tag=97 err=34
>> text=invalid DN
>> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 op=1 BIND dn="" 
>> method=128
>> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 op=1 RESULT tag=97 
>> err=0 text=
>> Jun  7 15:01:12 linux-beta slapd[7959]: conn=70 op=2 SRCH
>> base="ou=users,dc=domain,dc=com" scope=2 filter="(uid=john.smith)"
>> Jun  7 15:01:12 linux-beta slapd[7959]: conn=70 op=2 SEARCH RESULT
>> tag=101 err=0
>> nentries=0 text=
>> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 op=3 UNBIND
>> Jun  7 15:01:12 linux-beta slapd[7960]: conn=70 fd=19 closed
>>
>>
>>
>>
>>
>>
>> Quoting Edwin Culp <eculp at encontacto.net>:
>>
>>> Quoting AJ <aj at mindcrash.com>:
>>>
>>>> Hi,
>>>>   I am using IMP for authentication against a cyrus imap server, 
>>>> which in turns
>>>> authenticate against an LDAP directory.
>>>
>>>
>>> What does your slapd.log file show when trying to change the
>>> password?
>>>
>>> I just checked mine in head and get:
>>>
>>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=0 BIND
>>> dn="mail=eculp at mymail.org,ou=people,o=mydomain.org" mech=SIMPLE
>>> ssf=0
>>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=0 RESULT tag=97
>>> err=0 text=
>>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=1 MOD
>>> dn="mail=eculp at mymail.org,ou=people,o=mydomain.org"
>>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=1 MOD
>>> attr=userPassword
>>> Jun  7 13:54:38 home slapd[14273]: conn=22 op=1 RESULT tag=103
>>> err=0 text=
>>>
>>> The last two lines show the attribute modified and the last line
>>> shows success.
>>>
>>> ed
>>>
>>>> Mu uid's are in the form of firstname.lastname at domain.com.
>>>> I am NOT using realms with horde.  Passwd does not seem to work with 
>>>> or without
>>>> the realm setting in backends.php.  What do I need to do to get this 
>>>> to work?
>>>> I keep getting a user not found error.  It seems to be ignoring the 
>>>> @ sign.
>>>> Here is backends.php:
>>>>
>>>> $backends['ldap'] = array(
>>>>     'name' => 'LDAP',
>>>>     'preferred' => 'localhost',
>>>>     'password policy' => array(
>>>>         'minLength' => 3,
>>>>         'maxLength' => 8
>>>>     ),
>>>>     'driver' => 'ldap',
>>>>     'params' => array(
>>>>         'host' => 'localhost',
>>>>         'port' => 389,
>>>>         'basedn' => 'ou=users,dc=domain,dc=com',
>>>>         'uid' => 'uid',
>>>>         'realm' => 'domain.com',
>>>>         'encryption' => 'ssha',
>>>>         'tls' => false // make sure the host == cn in the server 
>>>> certificate
>>>>     )
>>>> );
>>>>
>>>>
>>>> Thanks!
>>>> AJ
>>>>
>>>> -- 
>>>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>>>
>>>
>>>
>>>
>>> -- 
>>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
> 
> 
> 
>

More information about the sork mailing list