Issue #351 has been updated by Clément OUDOT.

Target version changed from self-service-password-? to self-service-password-0.9

----------------------------------------
Bug #351: Allow binddn to be one that is not a manager
http://tools.lsc-project.org/issues/351

Author: Otrebor Otrebor
Status: Closed
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-0.9

Hello,

We have a restricted LDAP, so connecting anonymously is allowed but won't reveal any data. So, to perform basic queries one needs to connect with either his user credentials or a special user that is allowed to read a number of entries (e.g. uid=anonuser,ou=services,dc=example,dc=com).

With this in place, performing a password change fails with LDAP Error:

    PHP Warning: ldap_mod_replace(): Modify: Insufficient access in /srv/www/htdocs/self-service-password/lib/functions.inc.php on line 254, referer: https://my.url.com/ssp/index.php

Although it seems to connect with the users' credentials.

Using

    ldapmodify -xv -D userdn -W -H ldapurl -f file.ldif

from the command line and from the very same system to change the password works without a problem. So I presume it is not a permission problem within the LDAP server.

The relevant config is like this:

    $ldap_binddn = "uid=anonuser,ou=services,dc=example,dc=com";
    $ldap_bindpw = "secret";

Leaving this empty for anonymous access does not work.

and

    $who_change_password = "user";

Also, using Apache Directory Studio on the LDAP server with the userdn and password works. The same is true if I add the LDAP cn=manager,... into ldap_binddn. However, we consider this a security risk if we have to keep the manager's binddn within the config file.

I am not very familiar with PHP, so debugging this is a bit tricky for me.

Thanks for your support,
Otrebor
