-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new_user_identity: Empty password from$rcube->get_user_password() prevents LDAP connection #7667
Comments
So, it looks like setting |
Fixed. |
@alecpl Is there a chance that this fix can be backported to the |
Just a heads up: after backporting the changes by hand to the |
I didn't really test it ;) Could you show your configuration? Is the user logging with full email address, or just the local part? Did you backport all parts of the patch, e.g. the change in rcube.php. Maybe this part needs to be first in the |
I backported all of the changes in relevant files. User is logging using the local part, but Roundcube's The LDAP address book configuration from $config['ldap_public']['People'] = array(
'name' => 'Example Org',
'hosts' => array(
'ldapserver4.example.org',
'ldapserver3.example.org',
),
'port' => '389',
'use_tls' => true,
'ldap_version' => 3,
'user_specific' => true,
'base_dn' => 'ou=People,dc=gumed,dc=pl',
'bind_dn' => 'uid=%u,ou=People,dc=example,dc=org',
'bind_pass' => '',
'filter' => '(objectClass=inetOrgPerson)',
'scope' => 'sub',
'searchonly' => true,
'vlv' => false,
'sort' => 'sn',
'search_fields' => array(
'sn',
'cn',
'mail',
'telephoneNumber',
),
'hidden' => true,
'writable' => false,
'groups' => array(
'base_dn' => 'ou=Groups,dc=example,dc=org',
'filter' => '(objectClass=groupOfNames)',
'object_classes' => array(
'groupOfNames',
),
),
'fieldmap' => array(
'name' => 'cn',
'firstname' => 'givenName',
'surname' => 'sn',
'jobtitle' => 'title',
'email' => 'mailAddress:*',
'phone:home' => 'homePhone',
'phone:work' => 'telephoneNumber',
'phone:mobile' => 'mobile',
'phone:pager' => 'pager',
'phone:workfax' => 'facsimileTelephoneNumber',
'street' => 'street',
'zipcode' => 'postalCode',
'region' => 'st',
'locality' => 'l',
'website' => 'eduOrgHomePageURI',
'notes' => 'description:*',
'photo' => 'jpegPhoto',
),
); I'm not sure if in the Plugin configuration: $config['new_user_identity_addressbook'] = 'People';
$config['new_user_identity_match'] = 'mail';
$config['new_user_identity_onlogin'] = true; I chose |
I think fdd52a5 should fix the issue. |
@alecpl Yup, works as advertised, thanks! So, how about that backport? :-) |
The change has a (small, but still) potential to break things. So, I will not backport it. |
Hi,
I want to make use of the new_user_identity plugin in my RC installation as using the username is not sufficient to derive the final mail address for the identity. I have setup all connections, but new_user_plugin cannot properly bind to my LDAP server and it forbids binding anonymously. After the login I can connect to my LDAP addressbook. LDAP binds are configured as user-specific.
I investigated and found out that in program/lib/Roundcube/rcube_ldap.php:304 the password cannot be retrieved from $rcube->get_user_password(). Then I had another look to the session object and when it's created and found out $rcube->storage_init() is called after the new_user_plugin. Thus, the bind password for LDAP is not available for the new_user_plugin.
When I replace $bind_pw = $rcube->get_user_password() with the hardwired password, the new_user_identity plugin is working properly. Furthermore, even when not replacing the call to get_user_password(), I can access the address book.
This seems to be a "timing problem" as the $rcube->storage_init() call is done after the new_user_identity plugin runs.
If you need additional information, please give me a hint.
PS: I'm using the roundcube/roundcubemail Docker image.
The text was updated successfully, but these errors were encountered: