Summary | shadowLastChange and shadowMin LDAP attributes are not updated |
Queue | Passwd |
Queue Version | 3.0 |
Type | Bug |
State | Resolved |
Priority | 2. Medium |
Owners | jan (at) horde (dot) org |
Requester | david (at) tmv (dot) gov (dot) tw |
Created | 10/11/2005 (7227 days ago) |
Due | |
Updated | 05/08/2006 (7018 days ago) |
Assigned | 01/14/2006 (7132 days ago) |
Resolved | 05/08/2006 (7018 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | Yes |
State ⇒ Resolved
any additional patches that aren't part of the original ticket. Also,
please make sure the patches are unified diffs, and try to avoid tabs,
etc. - see horde/docs/CODING_STANDARDS. Thanks!
Thanks.
David
New Attachment: passwd-binddn.diff
I just got an "unable to connect" error under the following conditions:
1. authenticate against ldap server and using binddn (Auth/ldap.php) to find out about userdn
2. server does not allow anonymous bind and requires full userdn to bind as user
3. no admindn given, for security reasons.
4. no _passwd_userdn_hook, as login also does need it.
So I'd like to propose a binddn (same as guestdn in bug 3229). Please find a patch attached, including binddn and my last submitted patch.
Sincerely,
Mbraun
New Attachment: passwd.diff
I wondered why in passwd/lib/Driver/ldap.php : changePassword function
there are two times where a userdn is guessed.
It is guessed as urealm=username or urealm=username@realm first and
then, lines later, the passwd hook is used. Why is the passwd username
hook not used when guessing urealm first?
Second, why is the parameter "$username" when it is not used for the
passwd username hook?
I guess the $username parameter is the better one, according to the
description that $username's password is changed, not necessarily the
password of the currently logged in user.
Therefore I changed the changePassword method.
Please find a patch attached.
State ⇒ Feedback
Taken from
State ⇒ Assigned
bug 3229.David
Driver/ldap.php? How do you bind to the LDAP server, anonymously, with
the user credentials, or with an administrator account?
After submitting the "Change Password" button, I always got "Failure in
changing password on TMV LDAP server: Incorrect Password".
This error message was raised by lib/Driver.php at line 56, and no
more tracking detail was returned, even when inserting
var_dump($new_details) at line 197 in /lib/Driver/ldap.php.
be set in backends.php to the attribute name. I rewrote the driver in
CVS HEAD to always try to default to 'shadowLastChange' (you can
still overwrite it in backends.php), and to always try to lookup that
value.
As I changed a lot of code and don't have a system to test the driver,
please check if it still works as expected.
array(1) { ["userPassword"]=> string(38)
"{SSHA}L4HAa7stX5cvIg8dFNvidG6rF4qDZtHi" }
State ⇒ Feedback
Priority ⇒ 2. Medium
shadowLastChange is set in line 274 of lib/Driver/ldap.php
You can put a
var_dump($new_details);
into line 276 and watch the output.
Assigned to
State ⇒ Assigned
Priority ⇒ 3. High
State ⇒ Unconfirmed
Queue ⇒ Passwd
Summary ⇒ shadowLastChange and shadowMin LDAP attributes not work
Type ⇒ Bug
successfully. And I can still change my LDAP password again on the same
day even though shadowMin was set to 7.
Here are my ldap's attributes about shadow:
===================================
shadowLastChange: 13056
shadowFlag: 134544124
shadowInactive: -1
shadowMin: 7
shadowMax: -1
shadowWarning: 7
And here is my backend.conf:
$backends['ldap'] = array(
    'name' => 'Example LDAP server',
    'preferred' => 'localhost',
    'password policy' => array(
        'minLength' => 6,
        //'maxLength' => 8
        'minUpper' => 1,
        'minLower' => 1,
        'minNumeric' => 2,
        'minAlpha' => 3
    ),
    'driver' => 'ldap',
    'params' => array(
        'host' => 'localhost',
        'port' => 389,
        'basedn' => 'dc=example,dc=com',
        'uid' => 'uid',
        // this will be appended to the username when looking for the userdn.
        'realm' => '',
        'encryption' => 'ssha',
        // make sure the host == cn in the server certificate
        'tls' => false
    )
);
David
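
The minimum-age check this ticket is about, as an added example (not part of the ticket and not Horde Passwd's code): shadowLastChange counts days since 1970-01-01 and shadowMin is the minimum number of days between changes, so a client that wants the policy applied has to compare the two before writing the new password. The function names and the flat `$entry` array are assumptions for illustration; the attribute values are the ones quoted in the report.

```php
<?php
// Added example: hypothetical helper names, not Horde Passwd code.

/** Days since 1970-01-01 (UTC), the unit used by shadowLastChange. */
function shadowToday(?int $now = null): int
{
    return intdiv($now ?? time(), 86400);
}

/**
 * Decide whether a password change is allowed under shadowMin and build
 * the attributes to write together with the new userPassword value.
 *
 * @param array $entry Shadow attributes read from the user's entry.
 * @param int   $today Current day number (see shadowToday()).
 * @return array ['allowed' => bool, 'wait_days' => int, 'update' => array]
 */
function shadowCheckChange(array $entry, int $today): array
{
    // Missing or negative values mean "not set" (the ticket shows -1).
    $last = isset($entry['shadowLastChange']) ? (int)$entry['shadowLastChange'] : -1;
    $min  = isset($entry['shadowMin']) ? (int)$entry['shadowMin'] : -1;

    // Days that still have to pass before the next change is permitted.
    $wait = 0;
    if ($last >= 0 && $min > 0) {
        $wait = max(0, $last + $min - $today);
    }

    return [
        'allowed'   => $wait === 0,
        'wait_days' => $wait,
        // Only set when the change goes ahead; write it in the same
        // modify operation as userPassword so the two cannot drift apart.
        'update'    => $wait === 0 ? ['shadowLastChange' => (string)$today] : [],
    ];
}

// Constructed input: the shadow attributes quoted in the ticket.
$entry = ['shadowLastChange' => '13056', 'shadowMin' => '7', 'shadowMax' => '-1'];

// Same day as the last change, six days later, seven days later.
foreach ([13056, 13062, 13063] as $day) {
    $r = shadowCheckChange($entry, $day);
    printf("day %d: %s (wait %d days)\n", $day,
           $r['allowed'] ? 'change allowed' : 'change refused', $r['wait_days']);
}
```

In real use, pass `shadowToday()` as `$today` and merge `update` into the array that carries the new `userPassword` value.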