[Tickets #8293] Re: LDAP Auth driver should have configurable capabilities

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Jan 14 15:28:11 UTC 2015


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/8293
------------------------------------------------------------------------------
  Ticket             | 8293
  Updated By         | grafnetter at dekanat.mff.cuni.cz
  Summary            | LDAP Auth driver should have configurable capabilities
  Queue              | Horde Framework Packages
  Version            | FRAMEWORK_3
  Type               | Enhancement
  State              | Rejected
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


grafnetter at dekanat.mff.cuni.cz (2015-01-14 15:28) wrote:

I would also like to see this feature implemented.

In our environment, the LDAP database is read-only for Horde and user  
management is done throuhgh other means. If someone tries to perform a  
write operation in Horde (add, update, resetpassword, remove), he gets  
an error.

Therefore, the ability to disable these capabilities at the LDAP  
backend level, so they are not exposed in the UI would be great.

I temporarily edited my local copy of Horde/Auth/Ldap.php:

protected $_capabilities = array(
'add' => false,
'update' => false,
'resetpassword' => false,
'remove' => false,
'list' => true,
'authenticate' => true,
);

Although it works, it is of course not a viable solution. It would be  
much better if this could be done through configuration.





More information about the bugs mailing list