Issue #350 has been updated by Otrebor Otrebor.
Additional info: $ldap_binddn = "uid=anonuser,ou=services,dc=example,dc=com"; $ldap_bindpw = "secret"; leaving this empty for anonymous access does not work. Also using Apache Directory Studio on the ldap server with the userdn and password works. The same is true if I add the ldap cn=manager,... into ldap_binddn. However we consider this as a security risk if we have to keep the manager's binddn within the config file. I am not very familiar with php, so debugging this is a bit tricky for me. Thanks for your support Otrebor ---------------------------------------- Bug #350: Allow binddn to be one that is not a manager http://tools.lsc-project.org/issues/350 Author: Otrebor Otrebor Status: New Priority: Normal Assigned to: Category: Core Target version: Problem in version: 0.6 Hello we have a restricted LDAP, so connecting anonymously is allowed but won't reveal any data. So, to perform basic queries one needs to connect with either his user credentials or a special user that is allowed to read a number of entries (eg: uid=anonuser,ou=services,dc=example,dc=com) With this in place, performing a password change fails with LDAP Error: PHP Warning: ldap_mod_replace(): Modify: Insufficient access in /srv/www/htdocs/self-service-password/lib/functions.inc.php on line 254, referer: https://my.url.com/ssp/index.php Although it seems to connect with the users' credentials. Using ldapmodify -xv -D userdn -W -H ldapurl -f ${LDIF_FILE} from the command line and from the very same system to change the password works without a problem. So I presume it is not a permission problem within the ldap server. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-dev mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-dev
