[turba] edit LDAP entry
Erick Lopez
elopez at ues.edu.sv
Wed Oct 19 06:27:40 PDT 2005
Problem solved. I didn't realize turba had to have each individual user's
credentials to manipulate their entries. Building the DN on the fly with the
code you guys sent did the trick.
thanks a bunch,
eric.
--------
Unidad de Educación a Distancia
Universidad de El Salvador
Tel. +(503) 22251500 ext.4183
---------- Original Message -----------
From: Adam Tauno Williams <adam at morrison-ind.com>
To: turba at lists.horde.org
Sent: Wed, 19 Oct 2005 09:29:47 -0400
Subject: Re: [turba] edit LDAP entry
> > Craig,
> > I notice you use uid, I use cn instead. I am going to try it and see if that
> > fixes the problem...
>
> What you are constructing is a DN; it has to match however your DIT
> is set up.
>
> For instance, we just look up the user's DN when they log in as a
> preference:
>
> In horde/config/hooks.pref
>
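> if (!function_exists('_prefs_hook_ldap_userdn')) {
>     // Look up the DN of the logged-in user so it can be stored as a preference.
>     function _prefs_hook_ldap_userdn()
>     {
>         $ldapServer = 'littleboy.morrison.iserv.net';
>         $ldapPort = '389';
>         $searchBase = 'o=Morrison Industries,c=US';
>         $dn = '';
>
>         $ds = @ldap_connect($ldapServer, $ldapPort);
>         if (!$ds) {
>             return $dn;
>         }
>
>         // Escape the login name before placing it in the search filter
>         // (ldap_escape() requires PHP 5.6 or later).
>         $searchResult = @ldap_search($ds, $searchBase,
>             '(&(objectclass=account)(uid='
>             . ldap_escape(Auth::getAuth(), '', LDAP_ESCAPE_FILTER) . '))');
>         if ($searchResult) {
>             $information = @ldap_get_entries($ds, $searchResult);
>             if (!empty($information[0]['dn'])) {
>                 $dn = $information[0]['dn'];
>             }
>         }
>         ldap_close($ds);
>         return $dn;
>     }
> }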
>
> ... then in horde/config/prefs.php ...
>
> // For LDAP binding
> $prefGroups['ldapauth'] = array(
>     'column' => _("Other Information"),
>     'label' => _("LDAP Binding"),
>     'desc' => _("Information on how to bind to your DSA."),
>     'members' => array('ldap_userdn')
> );
>
> $_prefs['ldap_userdn'] = array(
>     'value' => '',
>     'locked' => true,
>     'shared' => true,
>     'type' => 'text',
>     'desc' => _("LDAP Distinguished Name of user object"),
>     'hook' => true
> );
>
> ... and in horde/turba/config/sources.php the bind information for
> the source looks like -
>
> 'bind_dn' => $GLOBALS['prefs']->getValue('ldap_userdn'),
> 'bind_password' => Auth::getCredential('password'),
>
> And then the DN can have any structure that it happens to have, the DIT
> can be reorganized, etc... and connecting to the DSA always happens
> in the appropriate context. In addition to the fact you can now
> set up access control in the DSA itself based on per-user or group-membership
> basis so people can use whatever LDAP client they want and always
> have equivalent access.
------- End of Original Message -------
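
The lookup-then-bind flow from the quoted message as a single function, given here as an added example that is not part of the thread or of Horde/Turba. It escapes the login in the filter, accepts only a unique match, and refuses an empty login or password before binding. The function names, the URI parameter and the sample logins are assumptions; it needs PHP 5.6 or later with the ldap extension.

```php
<?php
// Added example, not Horde/Turba code. Function names, the URI parameter and
// the sample logins are constructed for illustration.

// Build the search filter with the login escaped per RFC 4515.
function user_filter(string $login): string
{
    return '(&(objectclass=account)(uid='
        . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
}

// Resolve the login to exactly one DN, then bind as that DN.
// Returns the bound connection, or null on any failure.
function bind_as_user(string $uri, string $base, string $login, string $password)
{
    // A DN with an empty password is an "unauthenticated bind" (RFC 4513),
    // which some servers accept as anonymous: refuse it here.
    if ($login === '' || $password === '') {
        return null;
    }
    $ds = ldap_connect($uri);
    if (!$ds) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Request no attributes ('1.1') and stop after two entries.
    $res = @ldap_search($ds, $base, user_filter($login), ['1.1'], 0, 2);
    if (!$res || ldap_count_entries($ds, $res) !== 1) {
        ldap_close($ds);   // not found, or ambiguous: do not guess
        return null;
    }
    $dn = ldap_get_dn($ds, ldap_first_entry($ds, $res));
    if (!$dn || !@ldap_bind($ds, $dn, $password)) {
        ldap_close($ds);
        return null;
    }
    return $ds;
}

// Constructed logins: a bare '*' would match every account if left unescaped.
foreach (['elopez', '*', 'o(brien)'] as $login) {
    echo user_filter($login), "\n";
}
```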