Issue #351 has been updated by Clément OUDOT.

Status changed from New to Assigned
Assigned to set to Clément OUDOT

Hi Otrebor,

thanks for resubmitting the issue. Could you show us the content of the file.ldif to know what LDAP modification is done?

----------------------------------------
Bug #351: Allow binddn to be one that is not a manager
http://tools.lsc-project.org/issues/351

Author: Otrebor Otrebor
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-0.7

Hello,

we have a restricted LDAP, so connecting anonymously is allowed but won't reveal any data. So, to perform basic queries one needs to connect with either his user credentials or a special user that is allowed to read a number of entries (e.g. uid=anonuser,ou=services,dc=example,dc=com).

With this in place, performing a password change fails with LDAP Error:

    PHP Warning: ldap_mod_replace(): Modify: Insufficient access in /srv/www/htdocs/self-service-password/lib/functions.inc.php on line 254, referer: https://my.url.com/ssp/index.php

Although it seems to connect with the users' credentials.

Using

    ldapmodify -xv -D userdn -W -H ldapurl -f file.ldif

from the command line and from the very same system to change the password works without a problem. So I presume it is not a permission problem within the LDAP server.

The relevant config is like this:

    $ldap_binddn = "uid=anonuser,ou=services,dc=example,dc=com";
    $ldap_bindpw = "secret";

Leaving this empty for anonymous access does not work.

and

    $who_change_password = "user";

Also using Apache Directory Studio on the LDAP server with the userdn and password works. The same is true if I add the LDAP cn=manager,... into ldap_binddn. However, we consider this as a security risk if we have to keep the manager's binddn within the config file.

I am not very familiar with PHP, so debugging this is a bit tricky for me.

Thanks for your support
Otrebor
_______________________________________________
ltb-dev mailing list
http://lists.ltb-project.org/listinfo/ltb-dev
