6.0.0-git
2019-03-18

[#1786] LDAP Preferences - Wrong bind DN
Summary LDAP Preferences - Wrong bind DN
Queue Horde Framework Packages
Type Enhancement
State Resolved
Priority 2. Medium
Owners
Requester heinz (at) htl-steyr (dot) ac (dot) at
Created 2005-04-13 (5087 days ago)
Due
Updated 2005-06-01 (5038 days ago)
Assigned
Resolved 2005-06-01 (5038 days ago)
Milestone
Patch No

History
2005-06-01 05:29:38 Chuck Hagenbuch Comment #4
State ⇒ Resolved
Ben - patches look good and clean, I've committed them and they'll be 
in Horde 3.1. Thanks!
2005-04-18 18:53:41 ben (dot) sommer (at) enc (dot) edu Comment #3
New Attachment: lib-horde-prefs-ldap.php.diff
...and here's the second patch!
2005-04-18 18:52:49 ben (dot) sommer (at) enc (dot) edu Comment #2
New Attachment: config-conf.xml.diff
Here's my proposed solution to this problem:

Horde's Prefs ldap driver requires either

     A) a root DN and password to search for and modify a user's prefs fields, or
     B) a simple-to-concatenate user DN formula (such as $conf['prefs']['params']['uid'] + a $base_dn)

A) is a problem because root binds to an LDAP server are neither necessary nor desired to do most any user-level write operations.
B) is a problem because my (like the original poster's) person schema does not conform to such a simplistic formula. DNs look like this:

     ueid=84kjasd99,ou=8,ou=people,dc=enc,dc=edu

The solution is to make the Prefs ldap driver behave like most LDAP apps that need to do write operations: do an anonymous bind, search for the entry to modify using a filter, then rebind as the DN of that entry and do the write.

This is a config issue, and Horde admins should be aware of the option. To this end, I added an option under LDAP-config Preferences in conf.xml.
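
The anonymous bind, filter search, and rebind sequence proposed in comment #2, written out as an added PHP example; it is not taken from the ticket or from the attached patches. The function name, server URI, base DN, login name and the `description` attribute written at the end are assumptions, and the code needs a reachable LDAP server.

```php
<?php
// Added example, not Horde's code. prefs_bind_as_user() and its parameters
// are hypothetical names chosen for this illustration.
function prefs_bind_as_user($uri, $baseDn, $uidAttr, $username, $password)
{
    // A simple bind with an empty password is an "unauthenticated" bind,
    // which many servers accept as anonymous. Refuse it before connecting.
    if ($password === '') {
        throw new RuntimeException('empty password');
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException('invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Step 1: anonymous bind, used only to locate the user's entry.
    if (!@ldap_bind($conn)) {
        throw new RuntimeException('anonymous bind failed: ' . ldap_error($conn));
    }

    // Step 2: search with a filter. The login name is escaped so that
    // characters such as * ( ) \ cannot change the meaning of the filter.
    $filter = sprintf('(%s=%s)', $uidAttr,
                      ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $res = @ldap_search($conn, $baseDn, $filter, array('1.1'));
    // Zero matches means no such user; more than one means the filter is
    // ambiguous. In both cases there is no single DN to bind as.
    if ($res === false || ldap_count_entries($conn, $res) !== 1) {
        throw new RuntimeException('expected exactly one entry for ' . $filter);
    }
    $dn = ldap_get_dn($conn, ldap_first_entry($conn, $res));

    // Step 3: rebind as the DN that was found, with the user's own password.
    if (!@ldap_bind($conn, $dn, $password)) {
        throw new RuntimeException('user bind failed: ' . ldap_error($conn));
    }
    return array($conn, $dn);
}

// Constructed values: server, base DN, login and attribute are placeholders.
list($conn, $dn) = prefs_bind_as_user('ldap://ldap.example.org',
    'ou=people,dc=example,dc=org', 'uid', 'jdoe', getenv('LDAP_PASSWORD'));
// The write now runs with the user's own rights, not a root DN's.
ldap_mod_replace($conn, $dn, array('description' => array('language=en')));
ldap_unbind($conn);
```

With this flow the anonymous identity only needs search access to the user subtree, and the write is limited by whatever the directory's ACLs grant each user on their own entry.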
2005-04-13 16:51:01 heinz (at) htl-steyr (dot) ac (dot) at Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 2. Medium
Summary ⇒ LDAP Preferences - Wrong bind DN
Queue ⇒ Horde Framework Packages
New Attachment: ldap.php.diff
I am using the LDAP-Preferences System.

The users in the LDAP-tree are organized hierarchically in different organizational units.

When binding to the LDAP-server we have to determine the user's full DN.

In the current code (/horde/lib/Horde/Prefs/ldap.php v1.85.10.4) the bind DN is hardcoded like this:

     $bind_dn = sprintf('%s=%s,%s', $this->_params['uid'][0],
                                    $this->_params['username'],
                                    $this->_params['basedn']);

In our opinion it would be more advantageous to use the code attached, to avoid this hardcoding.

