[sork] Passwd on LDAP

Martin Fraser mdf at darksnow.net
Mon Oct 20 08:10:15 UTC 2008


My setup binds using the username and password supplied when you are 
trying to login to Horde, it does not use an admin bind to check 
credentials.

My system is setup such that I can login as my horde users at the system 
shell using the same password which is stored in the LDAP directory. My 
Horde setup is simple because all the work has been done in LDAP.

You need to make sure you can bind to LDAP directly before adding the 
extra complexity of configuring Horde.

I used the ldap manual on openldap.org to setup PAM authentication with 
LDAP before I started on Horde. If you don't want to do all that, which 
is fair enough, try to bind in the command line with the admin DN and 
password you have been using for Horde, to confirm it is right.

Martin...

Jorge Hernandez wrote:
> I tried your simple version but I get the same result: "Could not bind 
> to LDAP server"
> 
>   ==========================
> Jorge Hernandez
> CEO/OWNER
> FSB ComputersQuoting Martin Fraser <mdf at darksnow.net>:
> 
>> Jorge Hernandez wrote:
>>>
>>>
>>>   Can anyone send me an example of how backends.php should look like  
>>> in order for passwd to change password on LDAP, this what I have  for 
>>> LDAP:
>>>
>>>   $backends['ldapadmin'] = array(
>>>     'name' => 'LDAP Server with Admin Bindings',
>>>     'preferred' => 'www.mysite.com',
>>>     'password policy' => array(
>>>         'minLength' => 6,
>>>         'maxLength' => 16
>>>     ),
>>>     'driver' => 'ldap',
>>>     'params' => array(
>>>         'host' => 'localhost',
>>>         'port' => 389,
>>>         'basedn' => 'ou=people,dc=mysite,dc=com',
>>>         'admindn' => 'cn=Administrator,dc=mysite,dc=com',
>>>         'adminpw' => 'xxxxxxxxxxx',
>>>
>>>         // LDAP object key attribute
>>>         'uid' => 'uid',
>>>
>>>         // these attributes will enable shadow password policies.
>>>         // 'shadowlastchange' => 'shadowlastchange',
>>>         // 'shadowmin' => 'shadowmin',
>>>         'attribute' => 'clearPassword',
>>>
>>>         // this will be appended to the username when looking for the 
>>> userdn.
>>>         'realm' => '',
>>>
>>>         // Use this filter when searching for the user's DN.
>>>         'filter' => '',
>>>
>>>         // Hash method to use when storing the password
>>>         'encryption' => 'crypt',
>>>
>>>         // Whether to enable TLS for this LDAP connection
>>>         // Note: make sure the host matches cn in the server certificate
>>>         'tls' => false
>>>     )
>>> );
>>>
>>>   Thanks in advance,
>>>
>>>   ==========================
>>> Jorge Hernandez
>>> CEO/OWNER
>>> FSB Computers
>>> -- 
>>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork[1]
>>> Frequently Asked Questions: http://horde.org/faq/[2]
>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>>>
>> My setup is really very simple indeed, so I'm not sure what I can tell
>> you about what might be wrong with your setup.
>>
>> It should be noted that I have my LDAP server authenticating everything
>> through PAM and if I can remember back to when I set this up, that is
>> why I am using md5 over the standard crypt.
>>
>> How are you using your LDAP for authentication?
>>
>> Can the normal passwd command on the command line change your LDAP 
>> passwords?
>>
>> Here is my setup anyway:
>>
>> $backends['ldap'] = array(
>>      'name' => 'LDAP Server',
>>      'preferred' => 'www.mysite.com',
>>      'password policy' => array(
>>          'minLength' => 6,
>>          'maxLength' => 30
>>      ),
>>      'driver' => 'ldap',
>>      'params' => array(
>>          'host' => 'localhost',
>>          'port' => 389,
>>          'basedn' => 'dc=mysite,dc=com',
>>          'uid' => 'uid',
>>          'realm' => '',
>>          'encryption' => 'crypt-md5',
>>          'tls' => false
>>      )
>> );
>>
>>
>> Martin...
>>
>> -- 
>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork[3]
>> Frequently Asked Questions: http://horde.org/faq/[4]
>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
> 
> 
> Links:
> ------
> [1] http://horde.org/bounties/#sork
> [2] http://horde.org/faq/
> [3] http://horde.org/bounties/#sork
> [4] http://horde.org/faq/
> 
> -- 
> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
> 



More information about the sork mailing list