Hello
I tried to set up the password plugin to let the users change their passwords in Active Directory (Samba 4):
Everything is done according to the README in the plugin/password directory
Here are the relevant settings from the config.inc.php:
mail root /var/www/roundcubemail/plugins/password # grep \$config config.inc.php
$config['password_driver'] = 'ldap';
$config['password_strength_driver'] = 'ldap';
$config['password_confirm_current'] = true;
$config['password_minimum_length'] = 8;
$config['password_minimum_score'] = 3;
$config['password_log'] = true;
$config['password_login_exceptions'] = null;
$config['password_hosts'] = null;
$config['password_force_save'] = false;
$config['password_force_new_user'] = false;
$config['password_algorithm'] = 'ad';
$config['password_algorithm_prefix'] = '';
$config['password_blowfish_cost'] = 12;
$config['password_disabled'] = false;
$config['password_username_format'] = '%u';
$config['password_http_client'] = [];
$config['password_ldap_host'] = 'addc.somedomain.org';
$config['password_ldap_port'] = '389';
$config['password_ldap_starttls'] = true;
$config['password_ldap_version'] = '3';
$config['password_ldap_basedn'] = 'dc=somedomain,dc=org';
$config['password_ldap_method'] = 'user';
$config['password_ldap_adminDN'] = null;
$config['password_ldap_adminPW'] = null;
$config['password_ldap_searchDN'] = 'CN=roundcube,OU=serviceaccounts,DC=somedomain,dc=org';
$config['password_ldap_searchPW'] = 'Qwerty123';
$config['password_ldap_search_base'] = 'dc=somedomain,dc=org';
$config['password_ldap_search_filter'] = '(&(objectCategory=Person)(mail=%u))';
$config['password_ldap_encodage'] = 'ad';
$config['password_ldap_pwattr'] = 'userPassword';
$config['password_ldap_force_replace'] = true;
$config['password_ldap_lchattr'] = 'PwdLastSet';
$config['password_ldap_samba_pwattr'] = '';
$config['password_ldap_samba_lchattr'] = '';
$config['password_ldap_ppolicy_cmd'] = 'change_ldap_pass.pl';
$config['password_ldap_ppolicy_uri'] = 'ldaps://addc.somedomain.org:636/';
$config['password_ldap_ppolicy_basedn'] = 'dc=somedomain,dc=org';
$config['password_ldap_ppolicy_searchDN'] = 'CN=roundcube,OU=serviceaccounts,DC=somedomain,dc=org';
$config['password_ldap_ppolicy_searchPW'] = 'Qwerty123';
$config['password_ldap_ppolicy_search_filter'] = '(&(objectCategory=Person)(mail=%u))';
$config['password_ldap_ppolicy_cafile'] = '/etc/ssl/cacert.crt';
With these settings when I try to change a user's password I see the following in the logs:
[07-Feb-2023 07:49:54 UTC] PHP Fatal error: Uncaught ArgumentCountError: ldap_first_attribute() expects exactly 2 arguments, 3 given in /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php:367
Stack trace:
#0 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php(367): ldap_first_attribute()
#1 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php(179): Net_LDAP2_Entry->setAttributes()
#2 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php(242): Net_LDAP2_Entry->__construct()
#3 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Search.php(190): Net_LDAP2_Entry::createConnected()
#4 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/RootDSE.php(81): Net_LDAP2_Search->shiftEntry()
#5 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(1505): Net_LDAP2_RootDSE::fetch()
#6 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Schema.php(136): Net_LDAP2->rootDse()
#7 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(1563): Net_LDAP2_Schema::fetch()
#8 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php(360): Net_LDAP2->schema()
#9 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php(179): Net_LDAP2_Entry->setAttributes()
#10 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php(242): Net_LDAP2_Entry->__construct()
#11 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Search.php(190): Net_LDAP2_Entry::createConnected()
#12 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/RootDSE.php(81): Net_LDAP2_Search->shiftEntry()
#13 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(1505): Net_LDAP2_RootDSE::fetch()
#14 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(620): Net_LDAP2->rootDse()
#15 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(444): Net_LDAP2->startTLS()
#16 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(339): Net_LDAP2->performConnect()
#17 /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2.php(207): Net_LDAP2->bind()
#18 /roundcubemail-1.5.3/plugins/password/drivers/ldap.php(177): Net_LDAP2::connect()
#19 /roundcubemail-1.5.3/plugins/password/drivers/ldap.php(44): rcube_ldap_password->search_userdn()
#20 /roundcubemail-1.5.3/plugins/password/password.php(393): rcube_ldap_password->save()
#21 /roundcubemail-1.5.3/plugins/password/password.php(183): password->_save()
#22 /roundcubemail-1.5.3/program/lib/Roundcube/rcube_plugin_api.php(573): password->password_save()
#23 /roundcubemail-1.5.3/program/include/rcmail.php(248): rcube_plugin_api->exec_action()
#24 /roundcubemail-1.5.3/index.php(283): rcmail->action_handler()
#25 {main}
thrown in /roundcubemail-1.5.3/vendor/pear/net_ldap2/Net/LDAP2/Entry.php on line 367
The webui shows me the following:
Oops... something went wrong!
An internal error has occurred. Your request cannot be processed at this time.
If I change driver to ldap_simple or ldap_exop and try to change password there is just nothing in the logs
and there is a "connection error" message in the web ui.
Do you have any idea what I did wrong?
May be someone who managed to make it work can share his/her relevant config strings?
Maksim Rodin
