[sork] passwd question

[Craig White]

On Thu, 2008-06-19 at 13:30 -0700, Craig White wrote:
> For the first time, I downloaded installed Passwd (3.0.1 I think it is -
> and latest Horde Release 3.2.1)
> 
> I commented all items of backends.php out except for smbldap and
> configured it to work as I would expect.
> 
> I chose the smbldap because I would like it to change userPassword,
> sambaLMPassword, sambaNTPassword attributes (the sambaLMPassword is
> probably unnecessary but anyway)...
> 
> I gave it my old and new passwords and I get this message on screen...
> 
> Failure in changing password on Samba/LDAP Server: Insufficient access
> 
> but all three passwords (userPassword, sambaLMPassword and
> sambaNTPassword) seemed to have changed anyway.
> 
> This is the ACL I'm using in LDAP...does this pose a problem?
> 
> access to attrs=userPassword,sambaNTPassword,sambaLMPassword
>         by dn.exact="uid=admin,ou=People,dc=example,dc=com" write
>         by self write
>         by anonymous auth
>         by * none
> 
> I've been using this ACL for a pretty long time in a number of
> locations...
----
I almost suspect that this occurs because of a note in backends.php...

// NOTE: to set the ldap userdn, see horde/config/hooks.php

but I don't see anything specifically in hooks.php that refers to the
userdn at all and I do have some hooks that get the cn and mail
attributes.

So I am using the 'realm' attribute to provide the rest of the $userdn
and I suspect that this is why I am getting the error - even though it
actually changes all the passwords.

If in fact, I grep for userdn in horde/config/hooks.php.dist, I get
nothing at all.

Should I write some kind of custom hook to return the actual userdn?
Does something like this already exist?

Craig