[sork] Passwd on LDAP
Jorge Hernandez
jorgeh at fsbcomputers.com
Tue Oct 21 17:42:32 UTC 2008
I understand, but the problem I'm having is not to login is to get
the passwd module to let them change their passwords, I configured the
backends of passwd the same way horde authentication is setup, so it
should work, but every time I do anything to backends.php it does not
change passwords (not that it ever did).
I can bind to my server directly by using
basedn="ou=people,dc=mydomain,dc=com" and I can even see my users.
I have tried with bsedn="ou=people,dc=mydomain,dc=com"
also, basedn="dc=mydomain,dc=com"
I even tried basedn="ou=people,o=mydomain.com"
and for the admindn I have tried
admindn="cn=Administrator,dc=mydomain,dc=com" and all the other
modifications above to mydomain.com and it doesn't like any of the
ones I tried.
If you have an example of LDAP with Admin binding, please share.
By the way for every single one that I tried I always get cannot
bind to server.
Thanks in advance,
==========================
Jorge Hernandez
CEO/OWNER
FSB ComputersQuoting Martin Fraser <mdf at darksnow.net>:
> My setup binds using the username and password supplied when you are
> trying to login to Horde, it does not use an admin bind to check
> credentials.
>
> My system is setup such that I can login as my horde users at the
> system shell using the same password which is stored in the LDAP
> directory. My Horde setup is simple because all the work has been done
> in LDAP.
>
> You need to make sure you can bind to LDAP directly before adding the
> extra complexity of configuring Horde.
>
> I used the ldap manual on openldap.org to setup PAM authentication with
> LDAP before I started on Horde. If you don't want to do all that, which
> is fair enough, try to bind in the command line with the admin DN and
> password you have been using for Horde, to confirm it is right.
>
> Martin...
>
> Jorge Hernandez wrote:
>> I tried your simple version but I get the same result: "Could not
>> bind to LDAP server"
>>
>> ==========================
>> Jorge Hernandez
>> CEO/OWNER
>> FSB ComputersQuoting Martin Fraser <mdf at darksnow.net>:
>>
>>> Jorge Hernandez wrote:
>>>>
>>>>
>>>> Can anyone send me an example of how backends.php should look
>>>> like in order for passwd to change password on LDAP, this what I
>>>> have for LDAP:
>>>>
>>>> $backends['ldapadmin'] = array(
>>>> 'name' => 'LDAP Server with Admin Bindings',
>>>> 'preferred' => 'www.mysite.com',
>>>> 'password policy' => array(
>>>> 'minLength' => 6,
>>>> 'maxLength' => 16
>>>> ),
>>>> 'driver' => 'ldap',
>>>> 'params' => array(
>>>> 'host' => 'localhost',
>>>> 'port' => 389,
>>>> 'basedn' => 'ou=people,dc=mysite,dc=com',
>>>> 'admindn' => 'cn=Administrator,dc=mysite,dc=com',
>>>> 'adminpw' => 'xxxxxxxxxxx',
>>>>
>>>> // LDAP object key attribute
>>>> 'uid' => 'uid',
>>>>
>>>> // these attributes will enable shadow password policies.
>>>> // 'shadowlastchange' => 'shadowlastchange',
>>>> // 'shadowmin' => 'shadowmin',
>>>> 'attribute' => 'clearPassword',
>>>>
>>>> // this will be appended to the username when looking
>>>> for the userdn.
>>>> 'realm' => '',
>>>>
>>>> // Use this filter when searching for the user's DN.
>>>> 'filter' => '',
>>>>
>>>> // Hash method to use when storing the password
>>>> 'encryption' => 'crypt',
>>>>
>>>> // Whether to enable TLS for this LDAP connection
>>>> // Note: make sure the host matches cn in the server certificate
>>>> 'tls' => false
>>>> )
>>>> );
>>>>
>>>> Thanks in advance,
>>>>
>>>> ==========================
>>>> Jorge Hernandez
>>>> CEO/OWNER
>>>> FSB Computers
>>>> --
>>>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork[1[1]]
>>>> Frequently Asked Questions: http://horde.org/faq/[2[2]]
>>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>>>>
>>> My setup is really very simple indeed, so I'm not sure what I can tell
>>> you about what might be wrong with your setup.
>>>
>>> It should be noted that I have my LDAP server authenticating everything
>>> through PAM and if I can remember back to when I set this up, that is
>>> why I am using md5 over the standard crypt.
>>>
>>> How are you using your LDAP for authentication?
>>>
>>> Can the normal passwd command on the command line change your
>>> LDAP passwords?
>>>
>>> Here is my setup anyway:
>>>
>>> $backends['ldap'] = array(
>>> 'name' => 'LDAP Server',
>>> 'preferred' => 'www.mysite.com',
>>> 'password policy' => array(
>>> 'minLength' => 6,
>>> 'maxLength' => 30
>>> ),
>>> 'driver' => 'ldap',
>>> 'params' => array(
>>> 'host' => 'localhost',
>>> 'port' => 389,
>>> 'basedn' => 'dc=mysite,dc=com',
>>> 'uid' => 'uid',
>>> 'realm' => '',
>>> 'encryption' => 'crypt-md5',
>>> 'tls' => false
>>> )
>>> );
>>>
>>>
>>> Martin...
>>>
>>> --
>>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork[3[3]]
>>> Frequently Asked Questions: http://horde.org/faq/[4[4]]
>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>>
>>
>> Links:
>> ------
>> [1] http://horde.org/bounties/#sork[5]
>> [2] http://horde.org/faq/[6]
>> [3] http://horde.org/bounties/#sork[7]
>> [4] http://horde.org/faq/[8]
>>
>> --
>> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork[9]
>> Frequently Asked Questions: http://horde.org/faq/[10]
>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>>
>
> --
> Sork mailing list - Join the hunt: http://horde.org/bounties/#sork[11]
> Frequently Asked Questions: http://horde.org/faq/[12]
> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
Links:
------
[1] http://horde.org/bounties/#sork[1
[2] http://horde.org/faq/[2
[3] http://horde.org/bounties/#sork[3
[4] http://horde.org/faq/[4
[5] http://horde.org/bounties/#sork
[6] http://horde.org/faq/
[7] http://horde.org/bounties/#sork
[8] http://horde.org/faq/
[9] http://horde.org/bounties/#sork
[10] http://horde.org/faq/
[11] http://horde.org/bounties/#sork
[12] http://horde.org/faq/
More information about the sork
mailing list