[sork] passwd ldap feature, searching for userdn not required on some installs..
Geff
boing at boing.com
Thu Dec 29 00:37:14 PST 2005
it's just all about perspective and clarity to potential admins. But
bottom line if the patch is taken, great. If not ... oh well.
o is an organization. There are different options. o or ou or what not.
Geff
Quoting Silver Salonen <silver at ultrasoft.ee>:
> Hi :)
>
> As I understand, admin in Sork is just a person who can change current user's
> password for sure. But every user is administrative to his own user object,
> isn't he? :)
>
> Does Sork have any functionality that should affect other users? If not then
> it's not a problem if Sork thinks the current user is administrator.
>
> About my LDAP-structure.. is there a difference whether I keep my domains in
> dc=hosting or o=hosting? Which objectclass would the "o=hosting" be?
>
> Silver
>
>> Howdy,
>>
>> I must say that's an interesting way to do it! I would not have
>> thought of setting the admin to the user. That seems kinda messy to
>> me. There may be assumptions made that an admin is well .. you know an
>> admin.
>>
>> I must also comment that your ldap structure is also interesting. Have
>> you not considered something like:
>>
>> mail=silver at ultrasoft.ee,dc=ultrasoft.ee,o=hosting
>>
>> or
>>
>> mail=silver at ultrasoft.ee,dc=ultrasoft,dc=ee,o=hosting
>>
>> not that this is the list for ldap naming rants...
>>
>> Geff
>>
>> Quoting Silver Salonen <silver at ultrasoft.ee>:
>>
>> > Hi.
>> >
>> > Have I understood you correctly if I say the patch helps Sork to bind to LDAP
>> > as the user trying to change his password?
>> >
>> > If it is so then why do you need the patch for this? You could just configure
>> > your backend in that way, couldn't you?
>> >
>> > My backend's config:
>> >
>> > $uid = Auth::getAuth();
>> > // users are divided by domain, i.e. mail=silver at ultrasoft.ee,cn=ultrasoft.ee,dc=hosting
>> > $basedn = 'cn=' . substr(strstr($uid, '@'), 1) . ',' . 'dc=hosting';
>> > $backends['ldap'] = array(
>> >     ...
>> >     'driver' => 'ldap',
>> >     'params' => array(
>> >         'basedn' => $basedn,
>> >         'uid' => 'mail',
>> >         'realm' => $basedn,
>> >         'admindn' => 'mail=' . $uid . ',' . $basedn,
>> >         'adminpw' => Auth::getCredential('password'),
>> >         ...
>> >     )
>> > );
>> >
>> > Sorry, if I didn't understand you correctly :)
>> >
>> > Silver
>> >
>> >> Howdy,
>> >>
>> >> All. This password / sork thing is an excellent module. I would
>> >> suggest the following patch as an option for configuration of userdn.
>> >> So that passwd does not have to bind at all to search for the user.
>> >> And can just bind as the user to change their own password.
>> >>
>> >> Thoughts and rejection are welcome and expected as always. :)
>> >>
>> >> Something else I was thinking about was some way to have multiple
>> >> backends update with a single update somehow? yes of course you get
>> >> into issues with rolling back if one fails, but it would be handy from
>> >> the user's perspective if the password policies matched and every
>> >> service was up. The practical case is my OS password (via poppassd)
>> >> and LDAP (addressbook). Any desire for such a patch?
>> >>
>> >> Thanks much for your time,
>> >>
>> >> Geff
>> >>
>> >> ----
>> >>
>> >> config param:
>> >>
>> >> 'userdn' => 'cn=' . Auth::getBareAuth() . ',ou=people,o=boing',
>> >>
>> >> "ou=people,o=boing" is my container for my user objects. I guess this
>> >> could have been:
>> >>
>> >> 'userdn' => 'cn=' . Auth::getBareAuth() . ',' . $params['basedn'];
>> >>
>> >> or something as such.
>> >>
>> >>
>> >>
>> >>
>> >> kusanagi:/var/www/virtuals/mail.boing.com/htdocs/horde/passwd/lib/Driver)diff -c ldap.php*
>> >> *** ldap.php Sat Dec 24 02:25:50 2005
>> >> --- ldap.php.dist Sat Dec 24 01:52:51 2005
>> >> ***************
>> >> *** 206,215 ****
>> >> */
>> >> function _userDN($username, $old_password)
>> >> {
>> >> ! if ($this->_params['userdn']) {
>> >> ! $userdn = $this->_params['userdn'];
>> >> ! return $userdn;
>> >> ! } else if ($GLOBALS['conf']['hooks']['userdn']) {
>> >> $userdn = Horde::callHook('_passwd_hook_userdn',
>> >> array(Auth::getAuth()));
>> >> } else {
>> >> --- 206,212 ----
>> >> */
>> >> function _userDN($username, $old_password)
>> >> {
>> >> ! if ($GLOBALS['conf']['hooks']['userdn']) {
>> >> $userdn = Horde::callHook('_passwd_hook_userdn',
>> >> array(Auth::getAuth()));
>> >> } else {
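Review bot: In the `*** 206,215` half, `if ($this->_params['userdn'])` reads the key without checking that it exists, so any install that does not set `userdn` gets an undefined-index notice on every call; `!empty($this->_params['userdn'])` avoids that, and the value can be returned directly without the temporary `$userdn`. The diff was also produced with the modified file first (`ldap.php` against `ldap.php.dist`), so it reads as removing the new branch; regenerating it with the `.dist` file as the first argument would let it apply as intended. Because the new branch returns before the `$GLOBALS['conf']['hooks']['userdn']` check, a configured `userdn` silently overrides the hook, which should be stated in the backend configuration comments along with the parameter itself.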
> --
> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>
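Both configurations quoted in this thread build the bind DN by concatenating the login name into a string. The following is an added example, not part of the thread or of Sork's code, showing that construction with RFC 4514 escaping of the value and a hostname check on the per-domain container; the function names and sample logins are hypothetical.

```php
<?php
// Added example; not Horde/Sork code. All function names are hypothetical.

/** Escape one attribute value for use inside a DN (RFC 4514). */
function example_escape_rdn_value(string $value): string
{
    // Characters that are special anywhere in a DN attribute value.
    $out = preg_replace('/([,+"\\\\<>;=])/', '\\\\$1', $value);
    // NUL is written as a hex pair.
    $out = str_replace("\0", '\\00', $out);
    // A trailing space, then a leading space or '#', must be escaped too.
    $out = preg_replace('/ \z/', '\\\\ ', $out);
    return preg_replace('/\A([# ])/', '\\\\$1', $out);
}

/** Flat layout from the thread: cn=<bare login>,<container>. */
function example_user_dn(string $bareLogin, string $container): string
{
    if ($bareLogin === '') {
        throw new InvalidArgumentException('empty login');
    }
    return 'cn=' . example_escape_rdn_value($bareLogin) . ',' . $container;
}

/** Per-domain layout from the thread: mail=<login>,cn=<domain>,<root>. */
function example_hosted_user_dn(string $login, string $root): string
{
    $at = strrpos($login, '@');
    $domain = ($at === false) ? '' : substr($login, $at + 1);
    // Only hostname characters may become part of the container name.
    if ($at === 0 || !preg_match('/\A[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/i', $domain)) {
        throw new InvalidArgumentException('login must be user@domain');
    }
    return 'mail=' . example_escape_rdn_value($login)
        . ',cn=' . $domain . ',' . $root;
}

// Constructed sample logins.
echo example_user_dn('geff', 'ou=people,o=boing'), "\n";
echo example_user_dn('smith, j', 'ou=people,o=boing'), "\n";
echo example_hosted_user_dn('user@example.org', 'dc=hosting'), "\n";
```

The escaping is written out by hand so the block runs without the PHP LDAP extension; where that extension is loaded, `ldap_escape()` with `LDAP_ESCAPE_DN` does the same job.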