[#3984] change user password fails without anonymous search allowed
Summary change user password fails without anonymous search allowed
Queue Passwd
Queue Version HEAD
Type Bug
State Resolved
Priority 1. Low
Owners Ben Klang <ben (at) alkaloid (dot) net>
Requester mi (dot) braun (at) onlinehome (dot) de
Created 05/30/2006 (712 days ago)
Due
Updated 03/13/2008 (59 days ago)
Assigned 10/11/2006 (578 days ago)
Resolved 03/13/2008 (59 days ago)
Attachments ldap-respect-userdn-hook-before-connecting[1].diff
ldap-respect-userdn-hook-before-connecting.diff
ldap-respect-userdn-hook-before-connecting[2].diff
Milestone
Patch

History
03/13/2008 Ben Klang Comment #6
State ⇒ Resolved
Fix committed.
03/12/2008 Ben Klang Taken from Jan Schneider
Assigned to Ben Klang
 
10/11/2006 Jan Schneider State ⇒ Assigned
 
05/31/2006 Chuck Hagenbuch Comment #5
Assigned to Jan Schneider
Giving to Jan to pick between the two options.
05/31/2006 mi (dot) braun (at) onlinehome (dot) de Comment #4
See bug [#3782].
05/30/2006 mi (dot) braun (at) onlinehome (dot) de Comment #3
New Attachment: ldap-respect-userdn-hook-before-connecting[2].diff
I asked myself why I need to provide a _passwd_userdn hook if I do not need to provide a similar authentication hook.

The solution is the binddn / bindpw parameters of the LDAP authentication plugin.
This means that the backend first connects as the binddn user instead of the anonymous user to figure out the full userdn and then connects as the user.
This is only a little change to the _lookupDN method.

The patch attached here contains the last patch enhanced by the binddn feature.
05/30/2006 mi (dot) braun (at) onlinehome (dot) de Comment #2
New Attachment: ldap-respect-userdn-hook-before-connecting[1].diff
The lookupDN method contains a bug: it uses is_null instead of empty to check whether admindn is set. This patch includes the last one, enhanced by fixing this.
05/30/2006 mi (dot) braun (at) onlinehome (dot) de Comment #1
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
New Attachment: ldap-respect-userdn-hook-before-connecting.diff
Queue ⇒ Passwd
Summary ⇒ change user password fails without anonymous search allowed
Hi,

I'm using the ldap and smbldap backends to let the user change their LDAP password.
My LDAP server does not allow the anonymous user to search the entire user database, and I don't want to provide an admindn for security reasons.

Even with the _passwd_userdn hook enabled, this won't work, as the ldap backend does not respect this hook when connecting to check for the user's existence.

So I wrote a patch that moves the _lookupDN function from smbldap.php to ldap.php and fixes ldap.php to use the same initialisation as smbldap.php, using _lookupDN.
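
Added example, not part of the ticket or of the Horde Passwd code: a PHP illustration of the lookup order described in comments #1 to #3, where a hook-supplied DN skips the search and otherwise the search binds as a configured lookup account before falling back to anonymous. The function names, the `basedn` key, the `uid` attribute, the precedence of binddn over admindn, and the sample configs are assumptions; only the parameter names binddn, bindpw and admindn come from the ticket.

```php
<?php
// Added illustration. Function names, 'adminpw', 'basedn' and the uid
// attribute are assumed; sample values below are constructed.

/** Identity for the DN search step, or null for an anonymous bind. */
function searchBindFor(array $params): ?array
{
    // empty() treats '' (a blank config field) as unset. is_null('') is
    // false, so an is_null() check would attempt a bind with an empty DN.
    foreach ([['binddn', 'bindpw'], ['admindn', 'adminpw']] as [$dn, $pw]) {
        if (!empty($params[$dn]) && !empty($params[$pw])) {
            return [$params[$dn], $params[$pw]];
        }
    }
    return null;
}

/** Resolve a login name to a DN; the caller then binds as that DN. */
function resolveUserDn($ds, array $params, string $user, ?string $hookDn): string
{
    if (!empty($hookDn)) {
        return $hookDn;   // DN from the userdn hook: no directory search
    }
    $bind = searchBindFor($params);
    $ok = $bind ? @ldap_bind($ds, $bind[0], $bind[1]) : @ldap_bind($ds);
    if (!$ok) {
        throw new RuntimeException('search bind failed: ' . ldap_error($ds));
    }
    // Escape the login name so it cannot alter the search filter.
    $filter = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $res = @ldap_search($ds, $params['basedn'], $filter, ['uid']);
    $entries = $res ? ldap_get_entries($ds, $res) : ['count' => 0];
    if ($entries['count'] !== 1) {
        throw new RuntimeException('user not found or not unique');
    }
    return $entries[0]['dn'];
}

// Constructed configs: blank admin fields as a config form would store them,
// and the same config with a low-privilege lookup account added.
$blank = ['basedn' => 'dc=example,dc=org', 'admindn' => '', 'adminpw' => ''];
$svc   = $blank + ['binddn' => 'cn=lookup,dc=example,dc=org', 'bindpw' => 's3cret'];

var_dump(is_null($blank['admindn']));  // the check comment #2 reports as a bug
var_dump(empty($blank['admindn']));    // the check the patch switches to
var_dump(searchBindFor($blank));       // no search identity configured
var_dump(searchBindFor($svc));         // lookup account chosen for the search
```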