[sork] passwd ldap feature, searching for userdn not required on some installs..

Silver Salonen silver at ultrasoft.ee
Tue Dec 27 01:26:40 PST 2005


Hi.

Have I understood you correctly if I say the patch helps Sork to bind to LDAP 
as the user trying to change his password?

If it is so then why do you need the patch for this? You could just configure 
your backend in that way, couldn't you?

My backend's config:

$uid = Auth::getAuth();
// users are divided by domain, i.e. mail=silver at ultrasoft.ee, cn=ultrasoft.ee, dc=hosting
$basedn = 'cn=' . substr(strstr($uid, '@'), 1) . ',' . 'dc=hosting';
$backends['ldap'] = array(
	...
	'driver' => 'ldap',
	'params' => array(
		'basedn' => $basedn,
		'uid' => 'mail',
		'realm' => $basedn,
		'admindn' => 'mail=' . $uid . ','. $basedn,
		'adminpw' => Auth::getCredential('password'),
		...
	)
);

Sorry, if I didn't understand you correctly :)

Silver

> Howdy,
> 
> All.  This password / sork thing is an excellent module.  I would 
> suggest the following patch as an option for configuration of userdn.  
> So that passwd does not have to bind at all to search for the user.  
> And can just bind as the user to change their own password.
> 
> Thoughts and rejection are welcome and expected as always. :)
> 
> Something else I was thinking about was some way to have multiple 
> backends update with a single update somehow?  Yes, of course you get 
> into issues with rolling back if one fails, but it would be handy from 
> the user's perspective if the password policies matched and every 
> service was up.  The practical case is my OS password (via poppassd) 
> and LDAP (addressbook).  Any desire for such a patch?
> 
> Thanks much for your time,
> 
> Geff
> 
> ----
> 
> config param:
> 
>         'userdn' => 'cn=' . Auth::getBareAuth() . ',ou=people,o=boing',
> 
> "ou=people,o=boing" is my container for my user objects.  I guess this 
> could have been:
> 
> 'userdn' => 'cn=' . Auth::getBareAuth() . $params['basedn'];
> 
> or something as such.
> 
> 
> 
> kusanagi:/var/www/virtuals/mail.boing.com/htdocs/horde/passwd/lib/Driver)diff -c ldap.php*
> *** ldap.php    Sat Dec 24 02:25:50 2005
> --- ldap.php.dist       Sat Dec 24 01:52:51 2005
> ***************
> *** 206,215 ****
>        */
>       function _userDN($username, $old_password)
>       {
> !         if ($this->_params['userdn']) {
> !             $userdn = $this->_params['userdn'];
> !           return $userdn;
> !       } else if ($GLOBALS['conf']['hooks']['userdn']) {
>               $userdn = Horde::callHook('_passwd_hook_userdn',
>                                         array(Auth::getAuth()));
>           } else {
> --- 206,212 ----
>        */
>       function _userDN($username, $old_password)
>       {
> !         if ($GLOBALS['conf']['hooks']['userdn']) {
>               $userdn = Horde::callHook('_passwd_hook_userdn',
>                                         array(Auth::getAuth()));
>           } else {
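
Review bot: In the `*** 206,215` half, `if ($this->_params['userdn'])` reads the key without checking that it exists, so any install that does not set `userdn` in its backend params gets an undefined-index notice on every password change; test it with `!empty($this->_params['userdn'])` instead. The early `return $userdn;` line is indented differently from its neighbours and the temporary variable is not needed, so `return $this->_params['userdn'];` would be cleaner. The diff was also generated with `diff -c ldap.php*`, which lists the modified `ldap.php` first and `ldap.php.dist` second, so applying it as posted would remove the new branch rather than add it; please regenerate it with the original file first. The docblock that ends just above `_userDN()` should also say that a configured `userdn` takes precedence over the `userdn` hook.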

