[turba] ldap user auth

Terry Davis tdavis@birddog.com
Fri, 21 Sep 2001 17:59:57 -0500


Ok, finally had a chance to run with this.
I see what you are doing.  ;)

I see it is authenticating correctly but I fear the 'root' is incorrect.
So I attempted a stab at it:
'root'=>'ou=People,uid='.$GLOBALS['imp']['user'],',ou=People,dc=birddog,dc=com', 

This is giving me this however:

Sep 21 17:50:00 zeus slapd[4530]: => access_allowed: auth access to "uid=td,ou=People,dc=birddog,dc=com" "userPassword" requested
Sep 21 17:50:00 zeus slapd[4530]: => dnpat: [1] (.*,)?,ou=People,dc=birddog,dc=com nsub: 1
Sep 21 17:50:00 zeus slapd[4530]: => acl_get: [1] matched
Sep 21 17:50:00 zeus slapd[4530]: => acl_get: [1] check attr userPassword
Sep 21 17:50:00 zeus slapd[4530]: <= acl_get: [1] acl uid=td,ou=People,dc=birddog,dc=com attr: userPassword
Sep 21 17:50:00 zeus slapd[4530]: => match[0]: 6 34
Sep 21 17:50:00 zeus slapd[4530]: ,
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: U
Sep 21 17:50:00 zeus slapd[4530]: =
Sep 21 17:50:00 zeus slapd[4530]: P
Sep 21 17:50:00 zeus slapd[4530]: E
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: P
Sep 21 17:50:00 zeus slapd[4530]: L
Sep 21 17:50:00 zeus slapd[4530]: E
Sep 21 17:50:00 zeus slapd[4530]: ,
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: C
Sep 21 17:50:00 zeus slapd[4530]: =
Sep 21 17:50:00 zeus slapd[4530]: B
Sep 21 17:50:00 zeus slapd[4530]: I
Sep 21 17:50:00 zeus slapd[4530]: R
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: G
Sep 21 17:50:00 zeus slapd[4530]: ,
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: C
Sep 21 17:50:00 zeus slapd[4530]: =
Sep 21 17:50:00 zeus slapd[4530]: C
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: M
Sep 21 17:50:00 zeus slapd[4530]: => acl_mask: access to entry "uid=td,ou=People,dc=birddog,dc=com", attr "userPassword" requested
Sep 21 17:50:00 zeus slapd[4530]: => acl_mask: to all values by "", (=n)
Sep 21 17:50:00 zeus slapd[4530]: <= check a_dn_pat: anonymous
Sep 21 17:50:00 zeus slapd[4530]: <= acl_mask: [1] applying auth (=x) (stop)
Sep 21 17:50:00 zeus slapd[4530]: <= acl_mask: [1] mask: auth (=x)
Sep 21 17:50:00 zeus slapd[4530]: => access_allowed: auth access granted by auth (=x)

It did however add the entry correctly!   I changed the code to this:
'root' => 'ou=People,uid=' . $GLOBALS['imp']['user'] .',ou=People,dc=birddog,dc=com',

Thank you for any help.  

-- 
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059


Quoting Atif Ghaffar <aghaffar@developer.ch>:

> Terry Davis wrote:
> 
> > Yes.  If I can at least get that information in a variable somehow
> (securely), then it _should_ be easy to implement that into the
> /turba/config/sources.php file.  This I will have to learn a bit of php for
> but that is not a big deal.   
> 
> 
> Ok, now you are talking.
> Here is what you need to put in the sources.php.
> 
> Assuming: 
>   * each user's address book is under
>     ou=People,uid=SOMETHING,ou=People,dc=birddog,dc=com
>   * turba is set to authentify via IMP.
> 
> 
> 
> 'root'	=> 'ou=People, uid=' . $GLOBALS['imp']['user'] ,
> ',ou=People,dc=birddog,dc=com',
> 'bind_dn' => 'uid=' . $GLOBALS['imp']['user'] .
> ',ou=People,dc=birddog,dc=com',
> 'bind_password' => Secret::read(Secret::getKey('imp'),
> $GLOBALS['imp']['pass']),
> 
> 
> 
> > Chuck hinted that this might be a bad idea.  I am guessing there might be
> security concerns if we start throwing the auth information around.
> 
> I dont know if its a bad idea. 
> It does work, and I dont see any security concerns, then again, Chuck
> has a better information on the Auth stuff and Horde in general.
> 
> 
> Let me know if it works.
> 
> cheers
> 
> -- 
> Turba mailing list: http://horde.org/turba/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: turba-unsubscribe@lists.horde.org
> 


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/