[sork] Configuration problem with sork

Michel Bulgado michel at casa.co.cu
Mon Aug 31 20:32:36 UTC 2009


On Mon, 2009-08-31 at 14:55 -0400, Michel Bulgado wrote:
> On Mon, 2009-08-31 at 12:57 -0500, Eric Jon Rostetter wrote:
> > Quoting michel at casa.co.cu:
> > 
> > > I am interested in achieving the same goal, that my users can change  
> > > their passwords in the Windows Active Directory, I think it is more
> > [...]
> > >     'password policy' => array(
> > >         'minLength' => 3,
> > >         'maxLength' => 6
> > 
> > Make sure your AD will accept passwords which are only 3-6 characters long
> > (maybe its policy is to require >6 characters?)
> > 
> > >     ),
> > >     'driver' => 'ldap',
> > >     'params' => array(
> > >         'host' => 'ldap.home.com',
> > >         'port' => 389,
> > 
> > Add sslhost, since most AD implementations require SSL connections.
> > 
> > > I tried changing the port to "636", using the directive "sslhost".
> > > Using ldapsearch to test my settings to get the dn from Active
> > > Directory works fine.
> > 
> > Add sslhost, but leave port as is, and test...
> > 
> > > suggestions?
> > 
> > Only above, but I'm hoping others will chime in with more...
> 
> my config
> 
> $backends['ldap'] = array(
>     'name' => 'LDAP Server',
>     'preferred' => 'home.com',
>     'password policy' => array(
>         'minLength' => 3,
>         'maxLength' => 8
>     ),
>     'driver' => 'ldap',
>     'params' => array(
>         'host' => '192.168.25.26',
>         'sslhost' => '192.168.25.26',
>         'port' => 389,
>         'basedn' => 'ou=HOME,dc=home,dc=com',
>         'uid' => 'sAMAccountName',
>         // these attributes will enable shadow password policies.
>         // 'shadowlastchange' => 'shadowlastchange',
>         // 'shadowmin' => 'shadowmin',
>         // this will be appended to the username when looking for the userdn.
>         'realm' => 'home.com',
>         'encryption' => 'msad',
>         // make sure the host == cn in the server certificate
>         'tls' => false
>     )
> );
> 
> I tested it; it doesn't work.
> 
> Greetings
> Michel
> 
> 
> 
I wonder: should it use the encryption "MSAD" when this is not even stated in the
documentation?


The following is a list of supported encryption/hashing
 *            methods supported by Passwd.
 *
 *            1) plain
 *            2) crypt or crypt-des
 *            3) crypt-md5
 *            4) crypt-blowfish
 *            5) md5-hex
 *            6) md5-base64
 *            7) smd5
 *            8) sha
 *            9) ssha
 *


So which of these should I use?




