Tickets :: Comment on [#12128] Bad search filter ldap Groups

* Your Email Address
* Spam protection	Enter the letters below: .__ .__ . . __ . . [__)[__)\ // `\| \| \| \\| \ \/ \__.\|__\|
Comment	> Hello Jan and all, > > I come with a solution that seems to solve the issue of bad filter > (&(objectclass=)(=userid)) error when attrisdn is checked.... > > My solution: > > I added two parameters into horde/config/conf.xml just before attrisdn. > > <configstring name="uid" desc="User uid field"> > uid</configstring> > <configstring name="filter" desc="User filter"> > (objectclass=posixAccount)</configstring> > > These params are only available in the user array in findUserDN for > authentication during the logging. > When we are in kronolith interface, a command ""echo > $this->_config['user']"" line 879 of Horde/Ldap.php show us that > these params are not longer available. By adding them into conf.xml > we can see immediately the result. > > Here is below my config Horde Group which may be help for setting up > the others things such as $conf[group][params][basedn] > dc=example,dc=com which is very important cause this is the baseDN > that is used into findUserDN. > > I will be pleased to know if my little contribution is of any help. > > * $conf[group][driver] > Kolab LDAP No Groups SQL > What backend should we use for Horde Groups? > * $conf[group][params][driverconfig] > Horde defaults Custom parameters > Driver configuration > * $conf[group][params][hostspec] > ldap.example.com > LDAP server/hostname > $conf[group][params][port] > > Port on which LDAP is listening, if non-standard > $conf[group][params][tls] > > Use TLS to connect to the server? > * $conf[group][params][version] > 2 (deprecated) 3 > LDAP protocol version > * $conf[group][params][bindas] > Bind anonymously Bind as the currently logged-in user Bind with > administrative/system credentials > Bind to LDAP as which user? > * $conf[group][params][basedn] > dc=example,dc=com > Base DN > * $conf[group][params][scope] > Subtree search One level > Search scope > * $conf[group][params][gid] > cn > The group search key > * $conf[group][params][memberuid] > member > Group membership field > * $conf[group][params][uid] > uid > User uid field > * $conf[group][params][filter] > (objectclass=posixAccount) > User filter > $conf[group][params][attrisdn] > > If checked, the user member attributes returned from LDAP are > expected to be fully qualified DNs > * $conf[group][params][newgroup_objectclass] > posixGroup, hordeGroup > What objectclasses should a new group be member of? These > objectclasses should cover the mail and gidnumber attributes as well > as the group search key > $conf[group][params][writedn] > uid=webadm,ou=personnes,dc=example,dc=com > DN used to bind for creating and editing LDAP groups. > $conf[group][params][writepw] > password > Password for bind DN. > * $conf[group][params][search][filter_type] > One or more objectclass filters A complete LDAP filter expression > How to specify a filter for the group lists > * $conf[group][params][search][objectclass] > posixGroup > The objectclass filter used to search for groups. Can be a single > objectclass or a list. > > > Gérard >
Attachment
Watch this ticket

Saved Queries