[sork] Re: [PATCH] new ldap driver for passwd

Thielpark Systeme GmbH - Philipp Offermann offermann at thielpark.de
Mon Feb 14 13:57:14 PST 2005


On Monday, 14 February 2005 19:48, Roel Gloudemans wrote:
> Hi Philipp,
>
> To do it right I think the choice how to log on should be configurable.

Of course the driver is configurable, you can choose which driver to use in 
"backend.php". I just coded an additional driver which gives you more choice.


> The correct way from a security point of view is using the own userdn
> (one less admin password in a config file), but I've seen situations
> where the admin dn would be better.

I don't want users to be able to log into ldap. Therefore there is only an 
admin login possible in my case.


>
> The shadow parameters are for password policies. Why should they be
> removed? (I for one use them to make passwords expire and to warn the
> user when this is going to happen)

I know they are useful, but I don't use them and they give me error messages 
because the fields the function looks for don't exist in my directory. And 
there is no option to switch shadow off. I thought about adding the option, 
but couldn't be bothered as I don't use it. If you need it feel free to 
include it.


> I like the ssl addon.

It's copy-paste from the ldap driver. ;-)


> On a broader perspective: Maybe it is better to e.g. merge passwd and
> accounts. There are a few functions you would like to have on both
> sides (in test I even have an accounts module that can talk to an
> AD; no passwords yet though, but you would need to have admin access to
> the directory). Cheers,
> Roel.

I don't want to manage accounts through horde, so for me just passwd is quite 
all right. There could be uses of a merged project, I don't know too much 
about it, as long as I can switch off the account part.


>
> Quoting Thielpark Systeme GmbH - Philipp Offermann <offermann at thielpark.de>:
> > Hi,
> >
> > I wrote a new driver for passwd based on the ldap driver. It uses an
> > admin login for logging into the ldap instead of the userdn. I removed
> > the shadow functions because I don't need them, but it shouldn't be
> > difficult to put them in again. Could someone please check and commit the
> > patch or send me a comment?
> >
> > Thanks,
> > Philipp
> > Thielpark Systeme GmbH

