[sork] Re: [PATCH] new ldap driver for passwd
Thielpark Systeme GmbH - Philipp Offermann
offermann at thielpark.de
Mon Feb 14 13:57:14 PST 2005
Le Lundi, 14. Février 2005 19:48, Roel Gloudemans a écrit :
> Hi Philipp,
>
> To do it right I think the choice how to log on should be configurable.
Of cause the driver is configurable, you can choose which driver to use in
"backend.php". I just coded an additional driver which gives you more choice.
> The correct way from a security point of view is using the own userdn
> (one less admin password in a config file), but I've seen situations
> where the admin dn would be better.
I don't want users to be able to log into ldap. Therefore there is only an
admin login possible in my case.
>
> The shadow parameters are for password policies. Why should they be
> removed? (I for one use them to make passwords expire and to warn the
> user when this is going to happen)
I know they are useful, but I don't use them and they give me error messages
because the fields the function looks for don't exist in my directory. And
there is no option to switch shadow off. I thought about adding the option,
but couldn't be bothered as I don't use it. If you need it feel free to
include it.
> I like the ssl addon.
It's copy-paste from the ldap driver. ;-)
> On a broader perspective: Maybe it is better to e.g. merge passwd and
> accounts. There are a few functions you would like to have on both
> sides (it test I have even have an accounts module that can talk to an
> AD; no passwords yet though, but you would need to have admin access to
> the directory). Cheers,
> Roel.
I don't want to manage accounts through horde, so for me just passwd is quite
all right. There could be uses of a merged project, I don't know too much
about it, as long as I can switch off the account part.
>
> Quoting Thielpark Systeme GmbH - Philipp Offermann <offermann at thielpark.de>:
> > Hi,
> >
> > I wrote a new driver for passwd based on the ldap driver. It uses an
> > admin login for logging into the ldap instead of the userdn. I removed
> > the shadow functions because I don't need them, but it shouldn't be
> > difficult to put them in again. Could someone please check and commit the
> > patch or send me a comment?
> >
> > Thanks,
> > Philipp
> > Thielpark Systeme GmbH
More information about the sork
mailing list