Menu
▾
▴
Re: [SM-PLUGINS] can't connect ldap database
|
From: Manfred L. <man...@ao...> - 2005-11-12 12:13:49
|
Tomas Kuliavas wrote: >>>>>>Hi, i have downloaded the plugin for changing the LDAP password, in >>>>>>the database i have in my Linux Debian mail server, but, i cannot >>>>>>replace my password the message it shows is as follows: >>>>>> >>>>>>your account was not found in the LDAP database, can't change your >>>>>>password... >>>>>>Su cuenta no fue encontrada en la base de datos LDAP, no se puede >>>>> >>>>>cambiar >>>>> >>>>> >>>>>>la >>>>>>contraseña. >>>>>> >>>>>>my account do exists.... >>>>>> >>>>>>what could be happening..? >>>>>> >>>>>>this is my config.php [squirrel plugin] >>>>>> >>>>>><?php >>>>>> >>>>>>//$ldap_server = "localhost"; >>>>>>$ldap_server = "malpelo.cioh.org.co <http://malpelo.cioh.org.co> < >>>>> >>>>>http://malpelo.cioh.org.co>"; >>>>> >>>>> >>>>>>$ldap_password_field = "userPassword"; >>>>>>$ldap_user_field = "uid"; >>>>>> >>>>>>//put the ldap base dn of your server here >>>>>>//$ldap_base_dn = "dc=example,dc=com"; >>>>>>$ldap_base_dn = "dc=cioh.org.co <http://cioh.org.co> >>>>> >>>>><http://cioh.org.co >>>>> >>>>> >>>>>>,o=cioh"; >>>>>>------------- >>>>>>I have tried with the IP address of the machine... but shows the same >>>>>>message... >>>>> >>>>>In some setups slapd ACLs don't allow listing of directory without >>>>>authentication. Check /etc/ldap/slapd.conf or set $query_dn and >>>>>$query_pw >>>>>in plugin's configuration. >>>>> >>>>>See also >>>>>http://article.gmane.org/gmane.mail.squirrelmail.user/26334 >>>>>and >>>>> >>>>>https://sourceforge.net/tracker/index.php?func=detail&aid=1255733&group_id=311&atid=300311 >>>>> >>>> >>>>thank you, i have set the values $query_dn and $query_pw >>>> >>>>but there is still an error: >>>> >>>>-LDAP bind failed >>>> >>>>any hint.. ? >>> >>> >>>Have you checked test script on Gmane link and patches on Sourceforge >>>tracker? Test script does not suppress php ldap extension errors, >>>patches >>>on Sourceforge add LDAPv3 protocol support. >>> >>>PHP LDAP extension defaults to LDAPv2 bind protocol, Debian Sarge >>>requires >>>LDAPv3 bind protocol by default. dpkg-reconfigure slapd, change >>>/etc/ldap/slapd.conf or add LDAPv3 support to change_ldappass plugin. >>> >>>Please use mailing list for SquirrelMail support questions and keep same >>>reply style as used in first reply. It is hard to follow discussion, >>>when >>>you top post. >>> >> >>Thanks Thomas! >> >>I tried to do the same some time ago, but gave up because of missing >>LDAPv3 support. >>I tried the test script => works fine. >>I tried change_ldappass-1.9.1, which gives an error. >> >>"We could not retrieve your old password from the LDAP server." >> >>I do a rebind as user, and have following ACL in slapd.conf: >>access to attrs=userPassword >> by dn="cn=admin,dc=xxx,dc=at" write >> by anonymous auth >> by self write >> by * none >> >>If I use LDAP-Administrator (Softerra) and bind as normal User I can >>see, change and verify my password. >>It's SSHA encrypted for sure. >> >>Any hints? > > > do you have $no_bind_as_user = 0 ; in plugin's config? Yes. > can you add $debug = true; in configuration file and check if userpassword > field is retrieved? Did it, you'll find the output below. > do you have mhash extension in php? Added it, no change. > > could you download 1.5.1cvs plugins snapshot and test change_password > plugin that is part of 1.5.1cvs? SquirrelMail 1.5.1cvs change_password > plugin can be used with SquirrelMail 1.4.x too. > Thanks, change_password_1.5.1cvs works as expected. Manfred Debug Output: Verbindung zum LDAP Server LDAP set option successful. LDAP SetOption: 3 LDAP bind successful. BIND-DN: -------------------------------------------------------- * count =>1 * 0 => o cn => + count =>1 + 0 =>Manfred Langthaller o 0 =>cn o sn => + count =>1 + 0 =>Langthaller o 1 =>sn o count =>2 o dn =>cn=Manfred Langthaller,ou=Benutzer,dc=xxx,dc=ac,dc=at -------------------------------------------------------- LDAP bind successful. BIND-DN: cn=Manfred Langthaller,ou=Benutzer,dc=xxx,dc=ac,dc=at -------------------------------------------------------- * count =>1 * 0 => o cn => + count =>1 + 0 =>Manfred Langthaller o 0 =>cn o sn => + count =>1 + 0 =>Langthaller o 1 =>sn o userpassword => + count =>1 + 0 =>{SSHA}notmyrealPWHashldPimsddkDg1WwVAg== o 2 =>userpassword o count =>3 o dn =>cn=Manfred Langthaller,ou=Benutzer,dc=xxx,dc=ac,dc=at -------------------------------------------------------- We could not retrieve your old password from the LDAP server. |