Summary | change user password fails without anonymous search allowed |
Queue | Passwd |
Queue Version | HEAD |
Type | Bug |
State | Resolved |
Priority | 1. Low |
Owners | bklang (at) horde (dot) org |
Requester | mi.braun (at) onlinehome (dot) de |
Created | 05/30/2006 (6976 days ago) |
Due | |
Updated | 03/13/2008 (6323 days ago) |
Assigned | 10/11/2006 (6842 days ago) |
Resolved | 03/13/2008 (6323 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Resolved
Taken from Jan Schneider
Assigned to Jan Schneider
New Attachment: ldap-respect-userdn-hook-before-connecting[2].diff
does not need to provide a similar authentication hook?
The solution is the binddn / bindpw parameters of the ldap
authentication plugin.
This means that the backend first connects as the binddn user instead
of the anonymous user to figure out the full userdn and then connects
as the user.
This is only a little change to the _lookupDN method.
The patch attached here contains the last patch enhanced by the binddn
feature.
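The lookup-then-rebind flow described in the comment above, as an added example that is not part of the ticket or the attached patch. The function names, host, base DN and the `uid` attribute are assumptions; `binddn` and `bindpw` follow the ticket's naming.

```php
<?php
// Added example, not Horde Passwd code. The host, base DN, 'uid' attribute
// and both function names are assumptions; binddn/bindpw follow the ticket.

function lookup_user_dn($conn, array $params, string $username): string
{
    // Refuse an empty bindpw: a simple bind with a DN and no password is an
    // unauthenticated bind, which many servers treat as anonymous.
    if ($params['bindpw'] === ''
        || !@ldap_bind($conn, $params['binddn'], $params['bindpw'])) {
        throw new RuntimeException('bind as binddn failed');
    }

    // Escape the user-supplied name so it cannot change the search filter.
    $filter = sprintf('(%s=%s)', $params['uid'],
        ldap_escape($username, '', LDAP_ESCAPE_FILTER));

    // '1.1' requests no attributes; only the entry's DN is needed.
    $result = @ldap_search($conn, $params['basedn'], $filter, ['1.1'], 0, 2);
    if ($result === false || ldap_count_entries($conn, $result) !== 1) {
        // Zero or several matches: do not guess which entry is the user.
        throw new RuntimeException('user not found or not unique');
    }
    return ldap_get_dn($conn, ldap_first_entry($conn, $result));
}

function bind_as_user($conn, string $userdn, string $password): void
{
    // Rebind as the user, so later operations run with the user's own
    // rights rather than those of the lookup account or an admindn.
    if ($password === '' || !@ldap_bind($conn, $userdn, $password)) {
        throw new RuntimeException('bind as user failed');
    }
}

$params = [
    'binddn' => 'cn=lookup,ou=services,dc=example,dc=org', // constructed
    'bindpw' => getenv('LDAP_BINDPW') ?: '',
    'basedn' => 'ou=people,dc=example,dc=org',             // constructed
    'uid'    => 'uid',
];
$conn = ldap_connect('ldaps://ldap.example.org');           // constructed host
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$userdn = lookup_user_dn($conn, $params, 'jdoe');
bind_as_user($conn, $userdn, getenv('LDAP_USERPW') ?: '');
```

The lookup account only needs read access to the DN of entries under the base DN, which keeps its credentials far less sensitive than an admindn.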
New Attachment: ldap-respect-userdn-hook-before-connecting[1].diff
checking whether admindn is set. This patch includes the last one
enhanced by fixing this.
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ change user password fails without anonymous search allowed
Queue ⇒ Passwd
New Attachment: ldap-respect-userdn-hook-before-connecting.diff
State ⇒ Unconfirmed
I'm using the ldap and smbldap backend to let the user change their ldap
password.
My ldap server does not allow the anonymous user to search the entire
user database and I don't want to provide an admindn for security
reasons.
Even with the _passwd_userdn hook enabled, this won't work as the ldap
backend does not respect this hook when connecting to check for
the user's existence.
So I wrote a patch that moves the _lookupDN function from smbldap.php
to ldap.php and fixes ldap.php to use the same initialisation as
smbldap.php using _lookupDN.