Bug #350
Allow binddn to be one that is not a manager
| Status: | Closed | Start: | 18/10/2011 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Problem in version: | 0.6 | | |
Description
Hello,
We have a restricted LDAP, so connecting anonymously is allowed but won't reveal any data.
So, to perform basic queries one needs to connect with either his user credentials or a special user that is allowed to read a number of entries (e.g. uid=anonuser,ou=services,dc=example,dc=com).
With this in place, performing a password change fails with LDAP Error:
PHP Warning: ldap_mod_replace(): Modify: Insufficient access in /srv/www/htdocs/self-service-password/lib/functions.inc.php on line 254, referer: https://my.url.com/ssp/index.php
Although it seems to connect with the users' credentials.
Using ldapmodify -xv -D userdn -W -H ldapurl -f ${LDIF_FILE} from the command line and from the very same system to change the password works without a problem.
So I presume it is not a permission problem within the ldap server.
History
Updated by Otrebor Otrebor 7 months ago
Additional info:
$ldap_binddn = "uid=anonuser,ou=services,dc=example,dc=com";
$ldap_bindpw = "secret";
Leaving this empty for anonymous access does not work.
Also using Apache Directory Studio on the ldap server with the userdn and password works.
The same is true if I add the ldap cn=manager,... into ldap_binddn. However we consider this as a security risk if we have to keep the manager's binddn within the config file.
I am not very familiar with php, so debugging this is a bit tricky for me.
Thanks for your support
Otrebor
Updated by Clément OUDOT 7 months ago
- Category deleted (Core)
- Status changed from New to Closed
Hi,
you are using the wrong tracker. Please open your issue here: http://tools.ltb-project.org/projects/ltb/issues/new
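
The least-privilege flow this ticket asks for, as an added example that is not part of the thread and is not Self Service Password's own code: the read-only service account is used only to look up the user's DN, and the password modify runs after rebinding as the user. The function name, the `$ldap_url` and `$ldap_base` parameters, the `uid` search filter and the client-side `{SSHA}` hash are assumptions made for illustration.

```php
<?php
// Added illustration, not Self Service Password code. Hypothetical names:
// change_own_password(), $ldap_url, $ldap_base. Assumes users are found by uid
// and that the directory accepts a client-side {SSHA} userPassword value.
function change_own_password(string $ldap_url, string $ldap_base,
    string $binddn, string $bindpw,
    string $login, string $oldpw, string $newpw): bool
{
    $ldap = ldap_connect($ldap_url);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

    // 1. Bind as the read-only service account, only to resolve the user's DN.
    if (!@ldap_bind($ldap, $binddn, $bindpw)) {
        return false;
    }
    $filter = '(uid=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($ldap, $ldap_base, $filter, ['uid']);
    $entries = $search ? ldap_get_entries($ldap, $search) : false;
    if ($entries === false || $entries['count'] !== 1) {
        return false; // unknown or ambiguous login
    }
    $userdn = $entries[0]['dn'];

    // 2. Rebind as the user. This checks the old password; an empty password
    //    is refused here because many servers treat it as an anonymous bind.
    if ($oldpw === '' || !@ldap_bind($ldap, $userdn, $oldpw)) {
        return false;
    }

    // 3. Modify under the user's own identity, so the directory's self-write
    //    ACL applies instead of the service account's read-only rights.
    $salt = random_bytes(8);
    $hash = '{SSHA}' . base64_encode(sha1($newpw . $salt, true) . $salt);
    $ok = @ldap_mod_replace($ldap, $userdn, ['userPassword' => $hash]);
    if (!$ok) {
        // errno 50 is "Insufficient access", the error quoted in the ticket
        error_log('modify as ' . $userdn . ' failed: ' . ldap_error($ldap)
            . ' (' . ldap_errno($ldap) . ')');
    }
    ldap_unbind($ldap);
    return $ok;
}
```

This mirrors the `ldapmodify -D userdn` test from the description: it succeeds only if the directory lets users write their own `userPassword`, and the manager DN never has to appear in the config file. Use an `ldaps://` URL or StartTLS for `$ldap_url` so neither password crosses the network in clear text.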