
[#506] [PATCH] LDAP v3 Binds required
Summary [PATCH] LDAP v3 Binds required
Queue Passwd
Queue Version 2.2.1
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester ben (at) alkaloid (dot) net
Created 08/25/2004 (7698 days ago)
Due
Updated 09/27/2004 (7665 days ago)
Assigned 09/27/2004 (7665 days ago)
Resolved 09/27/2004 (7665 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
09/27/2004 09:12:55 AM Jan Schneider Comment #3
State ⇒ Resolved
Committed, thanks.
09/27/2004 09:06:13 AM Jan Schneider Assigned to Jan Schneider
State ⇒ Assigned
 
08/26/2004 09:16:28 PM ben (at) alkaloid (dot) net Comment #2 Reply to this comment
Oops, I *hate* it when I mix patches together.



Please use this patch instead.  It modifies backends.php.dist to 
include the variable to set the LDAP protocol version and removes the 
references to the strip_domain configuration (that's ticket number 507, 
oops).  I also modified the variable name so that it is a bit more 
clear which version we are specifying.

----- snip passwd-ldapv3.diff -----

diff -urN passwd-2.2.1/config/backends.php.dist 
passwd/config/backends.php.dist

--- passwd-2.2.1/config/backends.php.dist       2003-02-05 
10:48:13.000000000 -0500

+++ passwd/config/backends.php.dist     2004-08-26 17:12:05.000000000 -0400

@@ -124,6 +124,7 @@

          'host' => 'localhost',

          'port' => 389,

          'basedn' => 'o=example.com',

+       'protocol_version' => 3,

          'uid' => 'uid',

          'realm' => '', // this will be appended to the username when

                         // looking for the userdn.

diff -urN passwd-2.2.1/lib/Driver/ldap.php passwd/lib/Driver/ldap.php

--- passwd-2.2.1/lib/Driver/ldap.php    2003-02-15 15:16:29.000000000 -0500

+++ passwd/lib/Driver/ldap.php  2004-08-26 17:13:00.000000000 -0400

@@ -34,6 +34,7 @@

          $this->_params['basedn']     = array_key_exists('basedn', 
$params)     ? $params['basedn'] : '';

          $this->_params['realm']      = array_key_exists('realm', 
$params)      ? $params['realm'] : '';

          $this->_params['userdn']     = array_key_exists('userdn', 
$params)     ? $params['userdn'] : null;

+        $this->_params['protocol_version']     = 
array_key_exists('protocol_version', $params)     ? 
$params['protocol_version'] : null;

      }



      /**
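Review bot: Defaulting `protocol_version` to `null` in the added assignment means the key is always present in `$this->_params`, so the `array_key_exists('protocol_version', $this->_params)` guard added in `_connect` is always true. A backend that does not configure a version therefore still reaches `ldap_set_option` with `null` as the value. Either leave the key unset when it is absent from `$params`, or have `_connect` test `isset($this->_params['protocol_version'])` instead. The constructor starts outside this hunk; the earlier patch in Comment #1 has the same pattern with the `version` key.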

@@ -47,6 +48,19 @@

       */

      function _connect($userdn = null, $password = null) {

          $this->_ds = ldap_connect($this->_params['host'], 
$this->_params['port']);

+        /* Set the LDAP protocol version. */

+        if (array_key_exists('protocol_version', $this->_params)) {

+            if (!ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION,

+                                 $this->_params['protocol_version'])) {

+                Horde::logMessage(

+                    sprintf('Set LDAP protocol version to %d failed: 
[%d] %s',

+                            $this->_params['protocol_version'],

+                            ldap_errno($this->connection),

+                            ldap_error($this->connection)),

+                            __FILE__, __LINE__);

+            }

+        }

+

          if (!$this->_ds) {

             return PEAR::raiseError(_("Could not connect to ldap server"));

          }
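Review bot: The failure branch reports the error through `ldap_errno($this->connection)` and `ldap_error($this->connection)`, but the handle this method creates is `$this->_ds`; `$this->connection` is not assigned anywhere in the visible hunks and looks carried over from the Prefs driver, so the log line would not carry the real LDAP error. These should read `ldap_errno($this->_ds)` and `ldap_error($this->_ds)`. The option is also set before the `if (!$this->_ds)` check, so a failed `ldap_connect` hands `false` to `ldap_set_option`; the added block belongs below that check. Because a failed set is only logged, the password change would continue at the library's default protocol version, so for this driver returning a `PEAR::raiseError(...)` from that branch is the safer behaviour. `_connect` continues past the end of the hunk, and the Comment #1 patch repeats the same block with the `version` key.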


08/25/2004 03:41:33 AM ben (at) alkaloid (dot) net Comment #1
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ [PATCH] LDAP v3 Binds required
Queue ⇒ Passwd
In versions of OpenLDAP distributed with SuSE (and likely other 
distributions), LDAPv3 is required for modifications.  This small patch 
adds LDAPv3 to passwd (code shamelessly stolen from 
horde/lib/Prefs/ldap.php).



--------snip patch below ----------



diff -urN passwd-2.2.1/config/conf.php.dist passwd/config/conf.php.dist

--- passwd-2.2.1/config/conf.php.dist   2003-01-20 20:28:29.000000000 -0500

+++ passwd/config/conf.php.dist 2004-08-24 23:06:42.000000000 -0400

@@ -25,6 +25,10 @@



  $conf['backend']['backend_list'] = 'hidden';



+// Determine whether or not to strip of the domain portion of the user's

+// authentication token.  By default we do.

+$conf['prefs']['strip_domain'] = 1;

+

  // Define usernames for which we will refuse to change passwords.

  // This may or may not work with realms or virtual hosting, 
depending on setup



diff -urN passwd-2.2.1/lib/Driver/ldap.php passwd/lib/Driver/ldap.php

--- passwd-2.2.1/lib/Driver/ldap.php    2003-02-15 15:16:29.000000000 -0500

+++ passwd/lib/Driver/ldap.php  2004-08-24 23:25:04.000000000 -0400

@@ -34,6 +34,7 @@

          $this->_params['basedn']     = array_key_exists('basedn', 
$params)     ? $params['basedn'] : '';

          $this->_params['realm']      = array_key_exists('realm', 
$params)      ? $params['realm'] : '';

          $this->_params['userdn']     = array_key_exists('userdn', 
$params)     ? $params['userdn'] : null;

+        $this->_params['version']     = array_key_exists('version', 
$params)     ? $params['version'] : null;

      }



      /**

@@ -47,6 +48,19 @@

       */

      function _connect($userdn = null, $password = null) {

          $this->_ds = ldap_connect($this->_params['host'], 
$this->_params['port']);

+        /* Set the LDAP protocol version. */

+        if (array_key_exists('version', $this->_params)) {

+            if (!ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION,

+                                 $this->_params['version'])) {

+                Horde::logMessage(

+                    sprintf('Set LDAP protocol version to %d failed: 
[%d] %s',

+                            $this->_params['version'],

+                            ldap_errno($this->connection),

+                            ldap_error($this->connection)),

+                            __FILE__, __LINE__);

+            }

+        }

+

          if (!$this->_ds) {

             return PEAR::raiseError(_("Could not connect to ldap server"));

          }

