Tickets :: [#3769] ldap driver Vs MSAD

6.0.0-alpha12

6/9/25

Summary	ldap driver Vs MSAD
Queue	Horde Framework Packages
Queue Version	HEAD
Type	Enhancement
State	Resolved
Priority	1. Low
Owners	chuck (at) horde (dot) org
Requester	fhelly (at) bebop-design (dot) net
Created	04/14/2006 (6996 days ago)
Due
Updated	08/01/2007 (6522 days ago)
Assigned	10/13/2006 (6814 days ago)
Resolved	07/31/2007 (6523 days ago)
Milestone
Patch	Yes

08/01/2007 01:51:48 AM	Chuck Hagenbuch	Comment #14	Reply to this comment
Thanks! I made sure you were listed in an @author tag.

07/31/2007 10:20:32 PM	fhelly (at) bebop-design (dot) net	Comment #13	Reply to this comment
I forgot to ask: are you willing to assign copyright on your code to the Horde Project? Thanks! Yes of course :-)

07/31/2007 08:49:54 PM	Chuck Hagenbuch	Comment #12	Reply to this comment
Update again.

07/31/2007 08:03:59 PM	Matt Selsky	Comment #11	Reply to this comment
Also, should Jon even be listed as an author/copyright holder on the msad driver? This module is a sub-class of code that he wrote. Did he work on this too?

07/31/2007 07:41:45 PM	Chuck Hagenbuch	Comment #10	Reply to this comment
I forgot to ask: are you willing to assign copyright on your code to the Horde Project? Thanks!

07/31/2007 03:53:25 PM	Chuck Hagenbuch	Comment #9 State ⇒ Resolved Assigned to Chuck Hagenbuch	Reply to this comment
Okay. I've committed the auth driver with just a few cleanups as an experimental extension; once it has some more testing or you have time to come back to it we can add the appropriate conf.xml entries. Alright? Thanks!

07/31/2007 03:03:20 PM	Chuck Hagenbuch	Comment #8 Version ⇒ HEAD Queue ⇒ Horde Framework Packages State ⇒ Accepted	Reply to this comment
Moving to framework

07/31/2007 11:37:56 AM	fhelly (at) bebop-design (dot) net	Comment #7	Reply to this comment
What is the status of this code, and are there still changes that need to be made to the passwd code? Or should this be strictly a framework ticket? Unfortunately I don't have any access to an MSAD server before september or october (2007). I can't perform any further tests until this period. The code I sent is used by two frameworks I configured for my clients. So, at this stage, I think this ticket is strictly a framework one.

07/19/2007 08:34:34 PM	Chuck Hagenbuch	Comment #6 Taken from Horde Developers State ⇒ Feedback	Reply to this comment
What is the status of this code, and are there still changes that need to be made to the passwd code? Or should this be strictly a framework ticket?

10/13/2006 07:19:33 PM	Chuck Hagenbuch	Assigned to Horde Developers State ⇒ Assigned

10/13/2006 04:16:34 PM	fhelly (at) bebop-design (dot) net	Comment #5 New Attachment: msad.php	Reply to this comment
See attachment : - I tested addUser but I had some problems with AD account activation, if someone could resolve it; - I run authentication with multiple alias for uid : array('initials', 'email', 'samaccountname') and works fine against a 2003 server; - I test removeUser and worked fine (with a bind user); - I test listUser, the problem is always to configure the appropriate filter. So maybe we can change a bit the configuration parameters (conf.xml) for : configure an array used to create the filter for user list and configure an array used to generate the path to the user's account in the AD schema... For some fonctionnalities such as resetPassword, maybe the right way is to use the authenticated user to bind against the server not an admin user ... (see password)

10/10/2006 02:19:22 PM	Jan Schneider	State ⇒ Accepted

05/08/2006 03:44:12 PM	Jan Schneider	Type ⇒ Enhancement State ⇒ Feedback Priority ⇒ 1. Low

04/19/2006 03:59:53 AM	Chuck Hagenbuch	Comment #4	Reply to this comment
No. Btw it seems MSAD requires ldap over SSL (ldaps://hostspec:636) if we want to initialize users and passwords through ldap binding. Last year I wrote an extension of the Auth_ldap class called Auth_msad because I didn't want to have to configure a hook for authentication (it was against H 3.0): maybe the way is to separate AD specifics from non-AD servers in Password application and in Auth class? The way AD stores dates and manages expiration date of password seems to be really specific too. Yes, that sounds like a good idea. Patch? ;)

04/19/2006 01:28:15 AM	fhelly (at) bebop-design (dot) net	Comment #3	Reply to this comment
Do you know why AD returns binary (or seemingly binary) data? No. Btw it seems MSAD requires ldap over SSL (ldaps://hostspec:636) if we want to initialize users and passwords through ldap binding. Last year I wrote an extension of the Auth_ldap class called Auth_msad because I didn't want to have to configure a hook for authentication (it was against H 3.0): maybe the way is to separate AD specifics from non-AD servers in Password application and in Auth class? The way AD stores dates and manages expiration date of password seems to be really specific too.

04/14/2006 09:26:52 PM	Chuck Hagenbuch	Comment #2 State ⇒ Feedback	Reply to this comment
Do you know why AD returns binary (or seemingly binary) data? And can anyone verify that ldap_get_values_len() works properly with non-AD servers?

04/14/2006 05:27:40 PM	fhelly (at) bebop-design (dot) net	Comment #1 Priority ⇒ 2. Medium State ⇒ Unconfirmed Queue ⇒ Passwd Type ⇒ Bug Summary ⇒ ldap driver Vs MSAD	Reply to this comment
The ldap_get_values() function seems to not always work against an Active Directory. When checking password, use ldap_get_values_len() instead of ldap_get_values() in passwd/lib/Driver/ldap.php line 136.