
[#3769] ldap driver Vs MSAD
Summary ldap driver Vs MSAD
Queue Horde Framework Packages
Queue Version HEAD
Type Enhancement
State Resolved
Priority 1. Low
Owners chuck (at) horde (dot) org
Requester fhelly (at) bebop-design (dot) net
Created 04/14/2006 (6996 days ago)
Due
Updated 08/01/2007 (6522 days ago)
Assigned 10/13/2006 (6814 days ago)
Resolved 07/31/2007 (6523 days ago)
Milestone
Patch Yes

History
08/01/2007 01:51:48 AM Chuck Hagenbuch Comment #14
Thanks! I made sure you were listed in an @author tag.
07/31/2007 10:20:32 PM fhelly (at) bebop-design (dot) net Comment #13
> I forgot to ask: are you willing to assign copyright on your code to
> the Horde Project? Thanks!
Yes of course :-)
07/31/2007 08:49:54 PM Chuck Hagenbuch Comment #12
Update again.
07/31/2007 08:03:59 PM Matt Selsky Comment #11
Also, should Jon even be listed as an author/copyright holder on the 
msad driver?  This module is a sub-class of code that he wrote.  Did 
he work on this too?
07/31/2007 07:41:45 PM Chuck Hagenbuch Comment #10
I forgot to ask: are you willing to assign copyright on your code to 
the Horde Project? Thanks!
07/31/2007 03:53:25 PM Chuck Hagenbuch Comment #9
State ⇒ Resolved
Assigned to Chuck Hagenbuch
Okay. I've committed the auth driver with just a few cleanups as an 
experimental extension; once it has some more testing or you have time 
to come back to it we can add the appropriate conf.xml entries. Alright?



Thanks!
07/31/2007 03:03:20 PM Chuck Hagenbuch Comment #8
Version ⇒ HEAD
Queue ⇒ Horde Framework Packages
State ⇒ Accepted
Moving to framework
07/31/2007 11:37:56 AM fhelly (at) bebop-design (dot) net Comment #7
> What is the status of this code, and are there still changes that
> need to be made to the passwd code? Or should this be strictly a
> framework ticket?
Unfortunately I don't have any access to an MSAD server before 
September or October (2007). I can't perform any further tests until 
this period. The code I sent is used by two frameworks I configured 
for my clients.

So, at this stage, I think this ticket is strictly a framework one.


07/19/2007 08:34:34 PM Chuck Hagenbuch Comment #6
Taken from Horde Developers
State ⇒ Feedback
What is the status of this code, and are there still changes that need 
to be made to the passwd code? Or should this be strictly a framework 
ticket?
10/13/2006 07:19:33 PM Chuck Hagenbuch Assigned to Horde Developers
State ⇒ Assigned
 
10/13/2006 04:16:34 PM fhelly (at) bebop-design (dot) net Comment #5
New Attachment: msad.php
See attachment:

- I tested addUser but I had some problems with AD account activation, 
if someone could resolve it;

- I run authentication with multiple aliases for uid: array('initials', 
'email', 'samaccountname') and it works fine against a 2003 server;

- I tested removeUser and it worked fine (with a bind user);

- I tested listUser; the problem is always to configure the appropriate filter.

So maybe we can change the configuration parameters (conf.xml) a bit to:

configure an array used to create the filter for the user list and 
configure an array used to generate the path to the user's account in 
the AD schema...

For some functionalities such as resetPassword, maybe the right way 
is to use the authenticated user to bind against the server, not an 
admin user ...

(see password)




10/10/2006 02:19:22 PM Jan Schneider State ⇒ Accepted
 
05/08/2006 03:44:12 PM Jan Schneider Type ⇒ Enhancement
State ⇒ Feedback
Priority ⇒ 1. Low
 
04/19/2006 03:59:53 AM Chuck Hagenbuch Comment #4
> No. Btw it seems MSAD requires ldap over SSL (ldaps://hostspec:636)
> if we want to initialize users and passwords through ldap binding.
> Last year I wrote an extension of the Auth_ldap class called
> Auth_msad because I didn't want to have to configure a hook for
> authentication (it was against H 3.0): maybe the way is to separate
> AD specifics from non-AD servers in Password application and in Auth
> class? The way AD stores dates and manages expiration date of
> password seems to be really specific too.
Yes, that sounds like a good idea. Patch? ;)
04/19/2006 01:28:15 AM fhelly (at) bebop-design (dot) net Comment #3
> Do you know why AD returns binary (or seemingly binary) data?
No. Btw it seems MSAD requires ldap over SSL (ldaps://hostspec:636) if 
we want to initialize users and passwords through ldap binding.

Last year I wrote an extension of the Auth_ldap class called Auth_msad 
because I didn't want to have to configure a hook for authentication 
(it was against H 3.0): maybe the way is to separate AD specifics from 
non-AD servers in Password application and in Auth class? The way AD 
stores dates and manages expiration date of password seems to be 
really specific too.
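
The AD specifics raised in the comment above (password writes only over LDAPS, and AD's own format for dates and password expiry), as an added PHP example that is not part of this ticket or of the attached msad.php. The helper names are hypothetical and the sample values are constructed; the attribute semantics used (unicodePwd, pwdLastSet, maxPwdAge, userAccountControl) are standard Active Directory behaviour, not something stated in the ticket.

```php
<?php
// Added illustration: helper names are hypothetical, sample values are constructed.

const FILETIME_UNIX_OFFSET  = 11644473600; // seconds from 1601-01-01 to 1970-01-01 (UTC)
const UF_DONT_EXPIRE_PASSWD = 0x10000;     // userAccountControl flag

// AD only accepts password writes on an encrypted connection, so refuse
// anything that is not an ldaps:// URI before attempting the bind.
function assertLdaps(string $uri): void
{
    if (strtolower((string) parse_url($uri, PHP_URL_SCHEME)) !== 'ldaps') {
        throw new InvalidArgumentException("Password changes need ldaps://, got: $uri");
    }
}

// unicodePwd takes the password wrapped in double quotes, encoded as UTF-16LE.
function encodeUnicodePwd(string $utf8Password): string
{
    return iconv('UTF-8', 'UTF-16LE', '"' . $utf8Password . '"');
}

// AD timestamps count 100-nanosecond ticks since 1601-01-01 UTC.
function filetimeToUnix(string $ticks): int
{
    return intdiv((int) $ticks, 10000000) - FILETIME_UNIX_OFFSET;
}

// Returns the expiry as a Unix timestamp, 0 if the password must be changed
// at next logon (pwdLastSet = 0), or null if it never expires.
function passwordExpiry(string $pwdLastSet, string $maxPwdAge, int $uac): ?int
{
    // maxPwdAge is a negative tick interval; 0 or the minimum int64 mean "never".
    if (($uac & UF_DONT_EXPIRE_PASSWD) || $maxPwdAge === '0'
        || $maxPwdAge === '-9223372036854775808') {
        return null;
    }
    if ($pwdLastSet === '0') {
        return 0;
    }
    return filetimeToUnix($pwdLastSet) + intdiv(-(int) $maxPwdAge, 10000000);
}

// Constructed sample values; LDAP hands attribute values back as strings.
assertLdaps('ldaps://dc.example.test:636');
$expiry = passwordExpiry('133000000000000000', '-36288000000000', 512);
echo gmdate('Y-m-d H:i:s', $expiry), " UTC\n";
echo bin2hex(encodeUnicodePwd('Pa$$w0rd')), "\n";
```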




04/14/2006 09:26:52 PM Chuck Hagenbuch Comment #2
State ⇒ Feedback
Do you know why AD returns binary (or seemingly binary) data? And can 
anyone verify that ldap_get_values_len() works properly with non-AD 
servers?
04/14/2006 05:27:40 PM fhelly (at) bebop-design (dot) net Comment #1
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Queue ⇒ Passwd
Type ⇒ Bug
Summary ⇒ ldap driver Vs MSAD
The ldap_get_values() function seems to not always work against an 
Active Directory.



When checking password,

use ldap_get_values_len() instead of ldap_get_values()

in passwd/lib/Driver/ldap.php line 136.
