[turba] edit LDAP entry

Adam Tauno Williams adam at morrison-ind.com
Wed Oct 19 06:29:47 PDT 2005


> Craig,
> I notice you use uid, I use cn instead. I am going to try it and see if that
> fixes the problem...

What you are constructing is a DN; it has to match however your DIT is
set up.

For instance, we just look up the user's DN when they log in, as a
preference:

In horde/config/hooks.pref

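  if (!function_exists('_prefs_hook_ldap_userdn')) {
    // Look up the DN of the logged-in user so it can be stored as a preference.
    function _prefs_hook_ldap_userdn()
    {
         $ldapServer = 'littleboy.morrison.iserv.net';
         $ldapPort = '389';
         $searchBase = 'o=Morrison Industries,c=US';
         $dn = '';

         $ds = @ldap_connect($ldapServer, $ldapPort);
         if (!$ds) {
             return $dn;
         }

         // Escape the login name so it cannot alter the search filter.
         $uid = ldap_escape(Auth::getAuth(), '', LDAP_ESCAPE_FILTER);
         $searchResult = @ldap_search($ds, $searchBase,
             '(&(objectclass=account)(uid=' . $uid . '))');
         if ($searchResult) {
             $information = @ldap_get_entries($ds, $searchResult);
             // Only read the DN when the search returned an entry.
             if ($information && $information['count'] > 0) {
                 $dn = $information[0]['dn'];
             }
         }
         ldap_close($ds);
         return $dn;
    }
  }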

.. then in horde/config/prefs.php ...

// For LDAP binding
$prefGroups['ldapauth'] = array(
    'column' => _("Other Information"),
    'label' => _("LDAP Binding"),
    'desc' => _("Information on how to bind to your DSA."),
    'members' => array('ldap_userdn')
);

$_prefs['ldap_userdn'] = array(
    'value' => '',
    'locked' => true,
    'shared' => true,
    'type' => 'text',
    'desc' => _("LDAP Distinguished Name of user object"),
    'hook' => true
);

... and in horde/turba/config/sources.php the bind information for the
source looks like -

'bind_dn' => $GLOBALS['prefs']->getValue('ldap_userdn'),
'bind_password' => Auth::getCredential('password'),

And then the DN can have any structure that it happens to have, the DIT
can be reorganized, etc... and connecting to the DSA always happens in
the appropriate context.  In addition, you can now set up access control
in the DSA itself on a per-user or group-membership basis, so people can
use whatever LDAP client they want and always have equivalent access.



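The search-then-bind pattern this message describes (resolve the login name to a DN, then bind as that DN with the user's own password), written out as a stand-alone PHP function. This is an added example, not code from the post or from Horde; the URI, base DN and function names are placeholders, and the empty-password check and StartTLS step are additions the post does not mention.

```php
<?php
// Added example: URI, search base and function names are placeholders.

// Build the search filter with the login name escaped for filter context,
// so characters such as * ( ) \ cannot change which entries match.
function user_filter(string $uid): string
{
    return '(&(objectclass=account)(uid='
         . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . '))';
}

// Resolve the login name to a DN, then bind as that DN.
// Returns the bound connection, or null on any failure.
function bind_as_user(string $uri, string $base, string $uid, string $password)
{
    // Many servers treat a bind with a DN and an empty password as an
    // unauthenticated bind that "succeeds"; refuse it up front.
    if ($uid === '' || $password === '') {
        return null;
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Port 389 is cleartext; upgrade before the password is sent.
    if (!@ldap_start_tls($ds)) {
        ldap_unbind($ds);
        return null;
    }
    // Anonymous search for the DN only ('1.1' requests no attributes),
    // with a size limit of 2 so an ambiguous match is detectable.
    $sr = @ldap_search($ds, $base, user_filter($uid), ['1.1'], 0, 2);
    if ($sr === false || ldap_count_entries($ds, $sr) !== 1) {
        ldap_unbind($ds);
        return null;   // no match, or more than one match
    }
    $dn = ldap_get_dn($ds, ldap_first_entry($ds, $sr));
    if (!@ldap_bind($ds, $dn, $password)) {
        ldap_unbind($ds);
        return null;
    }
    return $ds;        // later operations run under this user's ACLs
}

// Offline check of the filter builder with constructed login names.
foreach (['adam', 'a*', 'x)(uid=*'] as $name) {
    echo user_filter($name), "\n";
}
```

Calling `bind_as_user('ldap://ldap.example.com:389', 'o=Example,c=US', $login, $password)` needs a reachable directory that supports StartTLS; the loop at the bottom runs without one.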