[sork] Passwd on LDAP

Martin Fraser mdf at darksnow.net
Fri Oct 17 10:22:34 UTC 2008 

Jorge Hernandez wrote:
> 
> 
>   Can anyone send me an example of how backends.php should look like in 
> order for passwd to change password on LDAP, this what I have for LDAP:
> 
>   $backends['ldapadmin'] = array(
>     'name' => 'LDAP Server with Admin Bindings',
>     'preferred' => 'www.mysite.com',
>     'password policy' => array(
>         'minLength' => 6,
>         'maxLength' => 16
>     ),
>     'driver' => 'ldap',
>     'params' => array(
>         'host' => 'localhost',
>         'port' => 389,
>         'basedn' => 'ou=people,dc=mysite,dc=com',
>         'admindn' => 'cn=Administrator,dc=mysite,dc=com',
>         'adminpw' => 'xxxxxxxxxxx',
> 
>         // LDAP object key attribute
>         'uid' => 'uid',
> 
>         // these attributes will enable shadow password policies.
>         // 'shadowlastchange' => 'shadowlastchange',
>         // 'shadowmin' => 'shadowmin',
>         'attribute' => 'clearPassword',
> 
>         // this will be appended to the username when looking for the 
> userdn.
>         'realm' => '',
> 
>         // Use this filter when searching for the user's DN.
>         'filter' => '',
> 
>         // Hash method to use when storing the password
>         'encryption' => 'crypt',
> 
>         // Whether to enable TLS for this LDAP connection
>         // Note: make sure the host matches cn in the server certificate
>         'tls' => false
>     )
> );
> 
>   Thanks in advance,
> 
>   ==========================
> Jorge Hernandez
> CEO/OWNER
> FSB Computers
> -- 
> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
> 
My setup is really very simple indeed, so I'm not sure what I can tell 
you about what might be wrong with your setup.

It should be noted that I have my LDAP server authenticating everything 
through PAM and if I can remember back to when I set this up, that is 
why I am using md5 over the standard crypt.

How are you using your LDAP for authentication?

Can the normal passwd command on the command line change your LDAP 
passwords?

Here is my setup anyway:

$backends['ldap'] = array(
     'name' => 'LDAP Server',
     'preferred' => 'www.mysite.com',
     'password policy' => array(
         'minLength' => 6,
         'maxLength' => 30
     ),
     'driver' => 'ldap',
     'params' => array(
         'host' => 'localhost',
         'port' => 389,
         'basedn' => 'dc=mysite,dc=com',
         'uid' => 'uid',
         'realm' => '',
         'encryption' => 'crypt-md5',
         'tls' => false
     )
);


Martin...

More information about the sork mailing list