[turba] ldap user auth
Terry Davis
tdavis@birddog.com
Fri, 21 Sep 2001 17:59:57 -0500
Ok, finally had a chance to run with this.
I see what you are doing. ;)
I see it is authenticating correctly but I fear the 'root' is incorrect.
So I attempted a stab at it:
'root'=>'ou=People,uid='.$GLOBALS['imp']['user'],',ou=People,dc=birddog,dc=com',
This is giving me this however:
Sep 21 17:50:00 zeus slapd[4530]: => access_allowed: auth access to "uid=td,ou=People,dc=birddog,dc=com" "userPassword" requested
Sep 21 17:50:00 zeus slapd[4530]: => dnpat: [1] (.*,)?,ou=People,dc=birddog,dc=com nsub: 1
Sep 21 17:50:00 zeus slapd[4530]: => acl_get: [1] matched
Sep 21 17:50:00 zeus slapd[4530]: => acl_get: [1] check attr userPassword
Sep 21 17:50:00 zeus slapd[4530]: <= acl_get: [1] acl uid=td,ou=People,dc=birddog,dc=com attr: userPassword
Sep 21 17:50:00 zeus slapd[4530]: => match[0]: 6 34
Sep 21 17:50:00 zeus slapd[4530]: ,
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: U
Sep 21 17:50:00 zeus slapd[4530]: =
Sep 21 17:50:00 zeus slapd[4530]: P
Sep 21 17:50:00 zeus slapd[4530]: E
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: P
Sep 21 17:50:00 zeus slapd[4530]: L
Sep 21 17:50:00 zeus slapd[4530]: E
Sep 21 17:50:00 zeus slapd[4530]: ,
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: C
Sep 21 17:50:00 zeus slapd[4530]: =
Sep 21 17:50:00 zeus slapd[4530]: B
Sep 21 17:50:00 zeus slapd[4530]: I
Sep 21 17:50:00 zeus slapd[4530]: R
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: G
Sep 21 17:50:00 zeus slapd[4530]: ,
Sep 21 17:50:00 zeus slapd[4530]: D
Sep 21 17:50:00 zeus slapd[4530]: C
Sep 21 17:50:00 zeus slapd[4530]: =
Sep 21 17:50:00 zeus slapd[4530]: C
Sep 21 17:50:00 zeus slapd[4530]: O
Sep 21 17:50:00 zeus slapd[4530]: M
Sep 21 17:50:00 zeus slapd[4530]: => acl_mask: access to entry "uid=td,ou=People,dc=birddog,dc=com", attr "userPassword" requested
Sep 21 17:50:00 zeus slapd[4530]: => acl_mask: to all values by "", (=n)
Sep 21 17:50:00 zeus slapd[4530]: <= check a_dn_pat: anonymous
Sep 21 17:50:00 zeus slapd[4530]: <= acl_mask: [1] applying auth (=x) (stop)
Sep 21 17:50:00 zeus slapd[4530]: <= acl_mask: [1] mask: auth (=x)
Sep 21 17:50:00 zeus slapd[4530]: => access_allowed: auth access granted by auth (=x)
It did however add the entry correctly! I changed the code to this:
'root' => 'ou=People,uid=' . $GLOBALS['imp']['user'] .',ou=People,dc=birddog,dc=com',
Thank you for any help.
--
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
Quoting Atif Ghaffar <aghaffar@developer.ch>:
> Terry Davis wrote:
>
> > Yes. If I can at least get that information in a variable somehow
> (securely), then it _should_ be easy to implement that into the
> /turba/config/sources.php file. This I will have to learn a bit of php for
> but that is not a big deal.
>
>
> Ok, now you are talking.
> Here is what you need to put in the sources.php.
>
> Assuming:
> * each user's address book is under
> ou=People,uid=SOMETHING,ou=People,dc=birddog,dc=com
> * turba is set to authentify via IMP.
>
>
>
> 'root' => 'ou=People, uid=' . $GLOBALS['imp']['user'] ,
> ',ou=People,dc=birddog,dc=com',
> 'bind_dn' => 'uid=' . $GLOBALS['imp']['user'] .
> ',ou=People,dc=birddog,dc=com',
> 'bind_password' => Secret::read(Secret::getKey('imp'),
> $GLOBALS['imp']['pass']),
>
>
>
> > Chuck hinted that this might be a bad idea. I am guessing there might be
> security concerns if we start throwing the auth information around.
>
> I dont know if its a bad idea.
> It does work, and I dont see any security concerns, then again, Chuck
> has a better information on the Auth stuff and Horde in general.
>
>
> Let me know if it works.
>
> cheers
>
> --
> Turba mailing list: http://horde.org/turba/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: turba-unsubscribe@lists.horde.org
>
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/