6.0.0-beta1
7/5/25

[#3984] change user password fails without anonymous search allowed
Summary change user password fails without anonymous search allowed
Queue Passwd
Queue Version HEAD
Type Bug
State Resolved
Priority 1. Low
Owners bklang (at) horde (dot) org
Requester mi.braun (at) onlinehome (dot) de
Created 05/30/2006 (6976 days ago)
Due
Updated 03/13/2008 (6323 days ago)
Assigned 10/11/2006 (6842 days ago)
Resolved 03/13/2008 (6323 days ago)
Milestone
Patch No

History
03/13/2008 04:31:17 AM Ben Klang Comment #6
State ⇒ Resolved
Fix committed.
03/12/2008 09:55:43 PM Ben Klang Assigned to Ben Klang
Taken from Jan Schneider
 
10/11/2006 11:58:13 AM Jan Schneider State ⇒ Assigned
 
06/01/2006 03:45:42 AM Chuck Hagenbuch Comment #5
Assigned to Jan Schneider
Giving to Jan to pick between the two options.
05/31/2006 08:50:54 PM mi (dot) braun (at) onlinehome (dot) de Comment #4
see Bug [#3782]
05/30/2006 07:44:04 PM mi (dot) braun (at) onlinehome (dot) de Comment #3
New Attachment: ldap-respect-userdn-hook-before-connecting[2].diff
I asked myself why I need to provide a _passwd_userdn hook if I 
do not need to provide a similar authentication hook.

The solution is the binddn / bindpw parameters of the LDAP 
authentication plugin.

This means that the backend first connects as the binddn user instead 
of the anonymous user to figure out the full userdn and then connects 
as the user.

This is only a little change to the _lookupDN method.

The patch attached here contains the last patch enhanced by the binddn 
feature.
05/30/2006 07:22:33 PM mi (dot) braun (at) onlinehome (dot) de Comment #2
New Attachment: ldap-respect-userdn-hook-before-connecting[1].diff
The lookupDN method contains a bug using is_null instead of empty for 
checking whether admindn is set. This patch includes the last one 
enhanced by fixing this.
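
The lookup-then-bind sequence from comment #3 and the is_null/empty distinction from comment #2, as an added example that is not the attached patch or Horde's own code. The function names, the `uid` and `basedn` parameter keys and the sample DNs are assumptions made for illustration.

```php
<?php
// Added illustration; all names below are hypothetical, not Horde's.

/** Pick the identity for the DN search. [null, null] means an anonymous bind. */
function lookupIdentity(array $p): array
{
    // empty() also rejects '' from a blank config field. !is_null('') would
    // accept it and send a bind with an empty DN, which is an anonymous bind.
    if (!empty($p['admindn'])) {
        return [$p['admindn'], $p['adminpw'] ?? ''];
    }
    if (!empty($p['binddn'])) {
        return [$p['binddn'], $p['bindpw'] ?? ''];
    }
    return [null, null];
}

/** Search as the lookup identity, then verify the password by binding as the user. */
function bindAsUser($ds, array $p, string $user, string $password): ?string
{
    if ($password === '') {
        return null; // a DN with an empty password is an unauthenticated bind
    }
    [$dn, $pw] = lookupIdentity($p);
    if (!@ldap_bind($ds, $dn, $pw)) {
        return null; // lookup identity rejected by the server
    }
    // Escape the user name so it cannot alter the search filter.
    $filter = '(' . $p['uid'] . '=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $res = @ldap_search($ds, $p['basedn'], $filter, ['dn']);
    $entries = $res ? ldap_get_entries($ds, $res) : false;
    if (!$entries || $entries['count'] !== 1) {
        return null; // not found, not readable by this identity, or ambiguous
    }
    $userdn = $entries[0]['dn'];
    return @ldap_bind($ds, $userdn, $password) ? $userdn : null;
}

// Constructed sample configs; this part needs no LDAP server or extension.
$blankAdmin = ['admindn' => '', 'binddn' => 'cn=lookup,dc=example,dc=org', 'bindpw' => 'constructed'];
var_dump(!is_null($blankAdmin['admindn']));       // what the is_null check sees
var_dump(lookupIdentity($blankAdmin)[0]);         // identity chosen with empty()
var_dump(lookupIdentity(['admindn' => null])[0]); // neither admindn nor binddn set
```

`bindAsUser()` expects a handle from `ldap_connect()` and is not called in the sample run.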
05/30/2006 07:01:43 PM mi (dot) braun (at) onlinehome (dot) de Comment #1
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ change user password fails without anonymous search allowed
Queue ⇒ Passwd
New Attachment: ldap-respect-userdn-hook-before-connecting.diff
State ⇒ Unconfirmed
Hi,

I'm using the ldap and smbldap backend to let the user change their LDAP 
password.

My LDAP server does not allow the anonymous user to search the entire 
user database and I don't want to provide an admindn for security 
reasons.

Even with the _passwd_userdn hook enabled, this won't work as the ldap 
backend does not respect this hook when connecting to check for 
the user's existence.

So I wrote a patch that moves the _lookupDN function from smbldap.php 
to ldap.php and fixes ldap.php to use the same initialisation as 
smbldap.php using _lookupDN.
