[sork] Passwd on LDAP

Martin Fraser mdf at darksnow.net
Thu Oct 23 09:31:40 UTC 2008


I don't have an example with an admin bind; my users bind as themselves
and change their own passwords.

I would have a play about with the ldappasswd command on the command 
line of the machine. It takes base and bind credentials, the dn of the 
user whose password you want to change and lets you change it.

Using the command line tools might shed some light on why you can't bind 
with the horde passwd set up.

Do you have your Horde users under ou=People and do the users have a 
class of posixUser as well as hordeUser?

Either way, the bind issue is preventing you getting as far as having
schema or access list problems within LDAP. Try to work out what is
wrong there first. As you said, the base, bind and password should be
the same for horde auth, but try on the command line until you are sure
what it should be; it's much quicker than changing the horde config and
clicking on loads of buttons on a web page.

Martin...

Jorge Hernandez wrote:
> 
> 
>   I understand, but the problem I'm having is not logging in; it is getting
> the passwd module to let them change their passwords. I configured the
> backends of passwd the same way horde authentication is set up, so it
> should work, but every time I do anything to backends.php it does not
> change passwords (not that it ever did).
> 
>   I can bind to my server directly by using 
> basedn="ou=people,dc=mydomain,dc=com" and I can even see my users.
> 
>   I have tried with bsedn="ou=people,dc=mydomain,dc=com"
> 
>   also, basedn="dc=mydomain,dc=com"
> 
>   I even tried basedn="ou=people,o=mydomain.com"
> 
>   and for the admindn I have tried
> 
>   admindn="cn=Administrator,dc=mydomain,dc=com" and all the other 
> modifications above to mydomain.com and it doesn't like any of the ones 
> I tried.
> 
>   If you have an example of LDAP with Admin binding, please share.
> 
>   By the way for every single one that I tried I always get cannot bind 
> to server.
> 
>   Thanks in advance,
> 
>   ==========================
> Jorge Hernandez
> CEO/OWNER
> FSB Computers
> 
> Quoting Martin Fraser <mdf at darksnow.net>:
> 
>> My setup binds using the username and password supplied when you are
>> trying to login to Horde, it does not use an admin bind to check
>> credentials.
>>
>> My system is set up such that I can login as my horde users at the
>> system shell using the same password which is stored in the LDAP
>> directory. My Horde setup is simple because all the work has been done
>> in LDAP.
>>
>> You need to make sure you can bind to LDAP directly before adding the
>> extra complexity of configuring Horde.
>>
>> I used the ldap manual on openldap.org to set up PAM authentication with
>> LDAP before I started on Horde. If you don't want to do all that, which
>> is fair enough, try to bind in the command line with the admin DN and
>> password you have been using for Horde, to confirm it is right.
>>
>> Martin...
>>
>> Jorge Hernandez wrote:
>>> I tried your simple version but I get the same result: "Could not  
>>> bind to LDAP server"
>>>
>>>   ==========================
>>> Jorge Hernandez
>>> CEO/OWNER
>>> FSB Computers
>>>
>>> Quoting Martin Fraser <mdf at darksnow.net>:
>>>
>>>> Jorge Hernandez wrote:
>>>>>
>>>>>
>>>>>   Can anyone send me an example of what backends.php should look
>>>>> like in order for passwd to change passwords on LDAP? This is what I
>>>>> have for LDAP:
>>>>>
>>>>>   $backends['ldapadmin'] = array(
>>>>>     'name' => 'LDAP Server with Admin Bindings',
>>>>>     'preferred' => 'www.mysite.com',
>>>>>     'password policy' => array(
>>>>>         'minLength' => 6,
>>>>>         'maxLength' => 16
>>>>>     ),
>>>>>     'driver' => 'ldap',
>>>>>     'params' => array(
>>>>>         'host' => 'localhost',
>>>>>         'port' => 389,
>>>>>         'basedn' => 'ou=people,dc=mysite,dc=com',
>>>>>         'admindn' => 'cn=Administrator,dc=mysite,dc=com',
>>>>>         'adminpw' => 'xxxxxxxxxxx',
>>>>>
>>>>>         // LDAP object key attribute
>>>>>         'uid' => 'uid',
>>>>>
>>>>>         // these attributes will enable shadow password policies.
>>>>>         // 'shadowlastchange' => 'shadowlastchange',
>>>>>         // 'shadowmin' => 'shadowmin',
>>>>>         'attribute' => 'clearPassword',
>>>>>
>>>>>         // this will be appended to the username when looking for the userdn.
>>>>>         'realm' => '',
>>>>>
>>>>>         // Use this filter when searching for the user's DN.
>>>>>         'filter' => '',
>>>>>
>>>>>         // Hash method to use when storing the password
>>>>>         'encryption' => 'crypt',
>>>>>
>>>>>         // Whether to enable TLS for this LDAP connection
>>>>>         // Note: make sure the host matches cn in the server certificate
>>>>>         'tls' => false
>>>>>     )
>>>>> );
>>>>>
>>>>>   Thanks in advance,
>>>>>
>>>>>   ==========================
>>>>> Jorge Hernandez
>>>>> CEO/OWNER
>>>>> FSB Computers
>>>>> -- 
>>>>> Sork mailing list - Join the hunt: 
>>>>> http://horde.org/bounties/#sork
>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>> To unsubscribe, mail: sork-unsubscribe at lists.horde.org
>>>>>
>>>> My setup is really very simple indeed, so I'm not sure what I can tell
>>>> you about what might be wrong with your setup.
>>>>
>>>> It should be noted that I have my LDAP server authenticating everything
>>>> through PAM and if I can remember back to when I set this up, that is
>>>> why I am using md5 over the standard crypt.
>>>>
>>>> How are you using your LDAP for authentication?
>>>>
>>>> Can the normal passwd command on the command line change your LDAP  
>>>> passwords?
>>>>
>>>> Here is my setup anyway:
>>>>
>>>> $backends['ldap'] = array(
>>>>      'name' => 'LDAP Server',
>>>>      'preferred' => 'www.mysite.com',
>>>>      'password policy' => array(
>>>>          'minLength' => 6,
>>>>          'maxLength' => 30
>>>>      ),
>>>>      'driver' => 'ldap',
>>>>      'params' => array(
>>>>          'host' => 'localhost',
>>>>          'port' => 389,
>>>>          'basedn' => 'dc=mysite,dc=com',
>>>>          'uid' => 'uid',
>>>>          'realm' => '',
>>>>          'encryption' => 'crypt-md5',
>>>>          'tls' => false
>>>>      )
>>>> );
>>>>
>>>>
>>>> Martin...
>>>>
>>
> 
> 
> 
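
Martin's suggestion to test the bind from the command line before touching Horde, as an added example that is not part of the original thread: a staged check with the OpenLDAP client tools, using the host, base DN and admin DN from the quoted backends.php. The function names and the password file path are assumptions, and the exit-status mapping assumes the tools return the LDAP result code.

```sh
#!/bin/sh
# Values from the quoted backends.php; the password file path and any test
# uid passed to these functions are constructed for this example.
LDAP_URI="ldap://localhost:389"
BASE_DN="ou=people,dc=mysite,dc=com"
ADMIN_DN="cn=Administrator,dc=mysite,dc=com"
# -y takes the whole file as the password, so write it without a trailing
# newline (printf '%s' ...) and chmod 600 it. Avoid -w: it can show up in ps.
ADMIN_PW_FILE="${ADMIN_PW_FILE:-$HOME/.ldap_admin_pw}"

# Assumption: the client tools exit with the LDAP result code (255 = no connection).
explain_rc() {
    case "$1" in
        0)   echo "ok" ;;
        32)  echo "no such object: base DN or entry does not exist" ;;
        49)  echo "invalid credentials: wrong bind DN or password" ;;
        50)  echo "insufficient access: bound, but ACLs deny the operation" ;;
        255) echo "cannot contact server: check host, port and TLS" ;;
        *)   echo "LDAP result code $1" ;;
    esac
}

# Step 1: can the admin DN bind at all?
check_admin_bind() {
    rc=0
    ldapwhoami -x -H "$LDAP_URI" -D "$ADMIN_DN" -y "$ADMIN_PW_FILE" \
        >/dev/null 2>&1 || rc=$?
    explain_rc "$rc"
    return "$rc"
}

# Step 2: resolve a user's DN under the base by uid.
find_user_dn() {
    # Refuse anything that could alter the search filter.
    case "$1" in ""|*[!A-Za-z0-9._-]*) return 2 ;; esac
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$ADMIN_DN" \
        -y "$ADMIN_PW_FILE" -b "$BASE_DN" "(uid=$1)" 1.1 2>/dev/null |
        sed -n 's/^dn: //p'
}

# Step 3: change that user's password as admin; -S prompts for the new one.
change_password() {
    ldappasswd -x -H "$LDAP_URI" -D "$ADMIN_DN" -y "$ADMIN_PW_FILE" -S "$1"
}
```

Run check_admin_bind first; only a result of "ok" makes it worth moving on to find_user_dn and change_password. With 'tls' => false the bind password crosses the wire in clear text on anything other than localhost, so add -ZZ to each command there.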


