Issue configuring Roundcube Password plugin with LDAP (lldap/lldap:stable)

[Cascuda]

Hi everyone,

I have a mail server running with DockerMailServer authenticating against LDAP (lldap/lldap:stable). Everything works fine so far: user logins against LDAP work perfectly, and Roundcube itself can authenticate without issues.

From inside the Roundcube container, if I install the LDAP tools and drop into Bash, I can run commands like ldapsearch or ldappasswd and successfully change user passwords directly in LDAP.

The problem is with the Roundcube password plugin. I cannot get it properly configured to connect to my LDAP server and allow users to change their password from the web interface.

To summarize:

• DockerMailServer + LDAP (lldap) is working.
• Roundcube login against LDAP works.
• From inside the Roundcube container, I can use ldappasswd to change passwords (so LDAP connection itself is fine).

Has anyone managed to get this working with lldap and could share a working plugin configuration (or some hints on what's missing)?

Thanks in advance!

[Cascuda]

Last night I forgot to attach the configuration I use in the plugin, just in case the error is there. I'd appreciate any help.

Code Select Expand

<?php
$rcmail_config['password_driver'] = 'ldap';
$rcmail_config['password_ldap_host'] = 'ldap://mail-server_lldap:3890';
$rcmail_config['password_ldap_base'] = 'ou=people,dc=dockermailserver,dc=lan';
$rcmail_config['password_ldap_userDN'] = 'uid=%u,ou=people,dc=dockermailserver,dc=lan'; 
$rcmail_config['password_ldap_pass'] = 'xxxXXXxxxXXXxxx';
$rcmail_config['password_ldap_method'] = 'plain'; 
$rcmail_config['password_ldap_starttls'] = false; 
$rcmail_config['password_ldap_debug'] = false;

[Cascuda]

The original Roundcube password plugin didn't work for me with LDAP, so I built my own solution. I created an API that handles the password update in LDAP, and modified the plugin so that it only validates the input and sends the request in JSON to that API.

This way, Roundcube is just the interface while the actual password change happens in the backend.