[sork] passwd ldap feature, searching for userdn not required on some installs..
Silver Salonen
silver at ultrasoft.ee
Thu Dec 29 00:08:05 PST 2005
Hi :)
As I understand, admin in Sork is just a person who can change current user's
password for sure. But every user is administrative to his own user object,
isn't he? :)
Does Sork have any functionality that should affect other users? If not then
it's not a problem if Sork thinks the current user is administrator.
About my LDAP-structure.. is there a difference whether I keep my domains in
dc=hosting or o=hosting? Which objectclass would the "o=hosting" be?
Silver
> Howdy,
>
> I must say that's an interesting way to do it! I would not have
> thought of setting the admin to the user. That seems kinda messy to
> me. There may be assumptions made that an admin is well .. you know an
> admin.
>
> I must also comment that your ldap structure is also interesting. Have
> you not considered something like:
>
> mail=silver at ultrasoft.ee,dc=ultrasoft.ee,o=hosting
>
> or
>
> mail=silver at ultrasoft.ee,dc=ultrasoft,dc=ee,o=hosting
>
> not that this is the list for ldap naming rants...
>
> Geff
>
> Quoting Silver Salonen <silver at ultrasoft.ee>:
>
> > Hi.
> >
> > Have I understood you correctly if I say the patch helps Sork to bind to LDAP
> > as the user trying to change his password?
> >
> > If it is so then why do you need the patch for this? You could just configure
> > your backend in that way, couldn't you?
> >
> > My backend's config:
> >
> > $uid = Auth::getAuth();
> > // users are divided by domain, ie. mail=silver at ultrasoft.ee,cn=ultrasoft.ee,dc=hosting
> > $basedn = 'cn=' . substr(strstr($uid, '@'), 1) . ',' . 'dc=hosting';
> > $backends['ldap'] = array(
> > ...
> > 'driver' => 'ldap',
> > 'params' => array(
> > 'basedn' => $basedn,
> > 'uid' => 'mail',
> > 'realm' => $basedn,
> > 'admindn' => 'mail=' . $uid . ','. $basedn,
> > 'adminpw' => Auth::getCredential('password'),
> > ...
> > )
> > );
> >
> > Sorry, if I didn't understand you correctly :)
> >
> > Silver
> >
> >> Howdy,
> >>
> >> All. This password / sork thing is an excellent module. I would
> >> suggest the following patch as an option for configuration of userdn.
> >> So that passwd does not have to bind at all to search for the user.
> >> And can just bind as the user to change their own password.
> >>
> >> Thoughts and rejection are welcome and expected as always. :)
> >>
> >> Something else I was thinking about was some way to have multiple
> >> backends update with a single update somehow? yes of course you get
> >> into issues with rolling back if one fails, but it would be handy from
> >> the user's perspective if the password policies matched and every
> >> service was up. The practical case is my OS password (via poppassd)
> >> and LDAP (addressbook). Any desire for such a patch?
> >>
> >> Thanks much for your time,
> >>
> >> Geff
> >>
> >> ----
> >>
> >> config param:
> >>
> >> 'userdn' => 'cn=' . Auth::getBareAuth() . ',ou=people,o=boing',
> >>
> >> "ou=people,o=boing" is my container for my user objects. I guess this
> >> could have been:
> >>
> >> 'userdn' => 'cn=' . Auth::getBareAuth() . ',' . $params['basedn'];
> >>
> >> or something as such.
> >>
> >>
> >>
> >> kusanagi:/var/www/virtuals/mail.boing.com/htdocs/horde/passwd/lib/Driver)diff -c ldap.php*
> >> *** ldap.php Sat Dec 24 02:25:50 2005
> >> --- ldap.php.dist Sat Dec 24 01:52:51 2005
> >> ***************
> >> *** 206,215 ****
> >> */
> >> function _userDN($username, $old_password)
> >> {
> >> ! if ($this->_params['userdn']) {
> >> ! $userdn = $this->_params['userdn'];
> >> ! return $userdn;
> >> ! } else if ($GLOBALS['conf']['hooks']['userdn']) {
> >> $userdn = Horde::callHook('_passwd_hook_userdn',
> >> array(Auth::getAuth()));
> >> } else {
> >> --- 206,212 ----
> >> */
> >> function _userDN($username, $old_password)
> >> {
> >> ! if ($GLOBALS['conf']['hooks']['userdn']) {
> >> $userdn = Horde::callHook('_passwd_hook_userdn',
> >> array(Auth::getAuth()));
> >> } else {
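Review bot: The diff is reversed: the header names ldap.php (the modified file, carrying the new userdn check in the 206,215 block) as the old side and ldap.php.dist as the new side, so applying it as posted removes the check instead of adding it; regenerate it with "diff -c ldap.php.dist ldap.php". In the added branch, "if ($this->_params['userdn'])" reads the key unguarded, which raises a notice on installs that do not set it; "!empty($this->_params['userdn'])" avoids that, and the temporary $userdn can go by returning the parameter directly. The early return also skips both the hook and the search, so the new option should be documented in the backend config with a note that its value is used as the bind DN exactly as configured.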
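Added example, not part of the thread and not Horde code: both configs above build the bind DN by concatenating the login name into a string, so the value should be validated and escaped as a DN attribute value (RFC 4514) first. The function names are hypothetical, the DN layout mail=<address>,cn=<domain>,dc=hosting is the one from Silver's config, and PHP 7 or later is assumed.

```php
<?php
// Added example: helper names are hypothetical; DN layout is taken from the thread.

/** Escape one attribute value for use inside a DN (RFC 4514 hex escapes). */
function dn_escape_value(string $value): string
{
    $special = ['\\', ',', '+', '"', '<', '>', ';', '=', "\0"];
    $out = '';
    $last = strlen($value) - 1;
    for ($i = 0; $i <= $last; $i++) {
        $c = $value[$i];
        // A leading space or '#', and a trailing space, must be escaped too.
        $edge = ($i === 0 && ($c === ' ' || $c === '#'))
             || ($i === $last && $c === ' ');
        $out .= (in_array($c, $special, true) || $edge)
            ? sprintf('\\%02x', ord($c))
            : $c;
    }
    return $out;
}

/** Build mail=<login>,cn=<domain>,<suffix> from a local@domain login. */
function user_dn_from_login(string $uid, string $suffix = 'dc=hosting'): string
{
    // Split on the last '@' and require a non-empty part on both sides.
    $at = strrpos($uid, '@');
    if ($at === false || $at === 0 || $at === strlen($uid) - 1) {
        throw new InvalidArgumentException('login is not of the form local@domain');
    }
    $domain = substr($uid, $at + 1);
    // The domain selects the subtree, so allow hostname characters only.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$/i', $domain)) {
        throw new InvalidArgumentException('unexpected characters in domain part');
    }
    return 'mail=' . dn_escape_value($uid)
         . ',cn=' . dn_escape_value($domain) . ',' . $suffix;
}

// Constructed sample logins: ordinary, carrying DN metacharacters, malformed.
foreach (['silver@ultrasoft.ee', 'x,cn=other.example@ultrasoft.ee', 'nodomain'] as $login) {
    try {
        echo $login, ' => ', user_dn_from_login($login), "\n";
    } catch (InvalidArgumentException $e) {
        echo $login, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Where the PHP ldap extension is loaded, ldap_escape($value, '', LDAP_ESCAPE_DN) can replace the hand-written escaper.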