Tickets :: [#2502] wrong error when using smbldap driver and bind as user

6.0.0-RC7

6/29/26

History
Attachments
Comment
Watch
Download

Summary	wrong error when using smbldap driver and bind as user
Queue	Passwd
Queue Version	HEAD
Type	Bug
State	Resolved
Priority	1. Low
Owners	Horde Developers (at) , jan (at) horde (dot) org
Requester	glen (at) delfi (dot) ee
Created	8/23/05 (7615 days ago)
Due
Updated	9/13/05 (7594 days ago)
Assigned	9/11/05 (7596 days ago)
Resolved	9/13/05 (7594 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

2410	Jan Schneider	Comment #6 State ⇒ Resolved	Reply to this comment
This was the patch and rationale behind that change: http://lists.horde.org/archives/sork/Week-of-Mon-20040503/001579.html I reverted it to the former behaviour because that made more sense to me.

109	Jan Schneider	Assigned to Jan Schneider Assigned to Horde Developers State ⇒ Assigned

352	glen (at) delfi (dot) ee	Comment #5	Reply to this comment
maybe not just remove the anonymous bind, but rather remove the fallbacking method, ie if there's no configuration on $userdn try only anon-bind, and if $userdn set, try only anonymous bind. if (!is_null($userdn)) { // do non-anonymous bind } else { // do anonymous bind } then i think it will work as expected: 1. bind with root user 2. bind with current user 3. anonymous bind and no hidden catches.

33	Chuck Hagenbuch	Comment #4	Reply to this comment
Okay, I understand you now. It seems odd to me to try updating passwords anonymously, but I'm wary of removing functionality that people need. Please poll the sork list on this.

1010	glen (at) delfi (dot) ee	Comment #3 New Attachment: horde-passwd-noanon-bind.patch	Reply to this comment
if you go change the password, and fill wrong "old password" the ldap driver will fallback to the anonymous bind, due bind with password failed. [Fri Sep 9 01:55:20 2005] [error] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/share/horde/passwd/lib/Driver/ldap.php on line 87 [Fri Sep 9 01:55:20 2005] [error] PHP Warning: ldap_mod_replace(): Modify: Strong(er) authentication required in /usr/share/horde/passwd/lib/Driver/ldap.php on line 282 // Try to bind as the current userdn with password. if (!is_null($userdn)) { $result = @ldap_bind($this->_ds, $userdn, $password); } // If unable to bind as current user, still try to bind as // guest. if (!$result) { $result = @ldap_bind($this->_ds); } removing the second rebind, the proper error is produced: " Failure in changing password on delfi.ee domain: Incorrect Password"

5312	Chuck Hagenbuch	Comment #2 State ⇒ Feedback	Reply to this comment
I'm sorry, I can't follow what the problem is. What do you think should be changed? Can you upload a patch?

369	glen (at) delfi (dot) ee	Comment #1 Priority ⇒ 1. Low Type ⇒ Bug Summary ⇒ wrong error when using smbldap driver and bind as user Queue ⇒ Passwd State ⇒ Unconfirmed	Reply to this comment
i've configured smbldap and hooks to bind to DN of user. when user fills wrong old password the driver will try to bind anonymous LDAP user and further modification operation will fail as there aren't sufficent permissions to update LDAP. error returned is: Failure in changing password on delfi.ee domain: Strong(er) authentication required