[commits] [Wiki] created: RemoteImapImpHook

[Wiki Guest]

guest [62.243.121.218]  Mon, 18 Mar 2013 11:29:19 +0000

Created page: http://wiki.horde.org/RemoteImapImpHook

+ Access a Remote IMAP Server with a Different Login !HowTo

Written by Ole Wolf (ole [at] naturloven [dot] dk)

The following hook lets local users who sign on to Horde with SQL,  
LDAP, etc. access a remote IMAP server where they've been created with  
different usernames and passwords than their Horde logins.


++ Custom Database

Add a custom table named ''custom_mailusers'' to your Horde database  
using your favorite database manager. The table should contain three  
VARCHAR fields using the first one as a key:

* username VARCHAR(40)
* imapusername VARCHAR(40)
* imappassword VARCHAR(40)

This table contains the local usernames in ''username'' and their  
corresponding usernames and passwords on the remote IMAP server in  
''imapusername'' and ''imappassword''. Note that you'll have to  
somedhow manage this database table yourself.


++ IMAP Server ++

Setup the remote IMAP server as you would setup any IMAP server in  
IMP's backends file. Make a note of the $servers entry, as this will  
be used in the hook, below.


++ Hook

The following hook in IMP's ''hooks.local.php'' file reads from the  
database using the Horde database login and translates the local login  
username to the remote IMAP server's username and password:

<code>
     public function preauthenticate( $userId, $credentials )
     {
         global $conf;

         require dirname( __FILE__ ) . '/../config/conf.php';

         if( ! empty( $userId ) )
         {
             // Lookup IMAP username and password for the preferred username
             // in the custom table that is stored in the horde database.
             $dbhost   = $conf[ 'server' ][ 'name' ];
             $dbuser   = $conf[ 'sql' ][ 'username' ];
             $dbpasswd = $conf[ 'sql' ][ 'password' ];
             $dbname   = $conf[ 'sql' ][ 'database' ];
             $mysqli = new mysqli( "localhost", $dbuser, $dbpasswd, $dbname );
             if( $mysqli->connect_error )
             {
                 die( 'Cannot access username mapping database' );
             }
             $res = $mysqli->query( "SELECT imapusername, imappassword  
FROM custom_mailusers WHERE username='" . $mysqli->escape_string(  
$userId ) . "'" );
             if( ! $res )
             {
                 Horde::logMessage( $mysqli->error, 'ERR' );
                 die( 'Cannot query username mapping database' );
             }
             $newCred = $res->fetch_assoc( );
             if( $newCred === false )
             {
                 die( 'Cannot read username from database' );
             }
             $imapUserId = $newCred[ 'imapusername' ];
             $imapPasswd = $newCred[ 'imappassword' ];

             Horde::logMessage( "Translating login $userId to  
$imapUserId", 'INF' );

             // Login with the IMAP credentials.
             $server      = 'imap';
             $credentials = array( 'server'      => $server,
                                   'transparent' => true,
                                   'password'    => $imapPasswd
                                   );
             return array( 'credentials' => $credentials,
                           'userId'      => $imapUserId );
         }

         return true;
     }
</code>

Replace the ''$server = ''imap'' content with that of your  
backends.php entry if necessary.


++ Security Issues

Since this hook assumes that Horde has authenticated the user, '''do  
not''' use this hook if you're using the IMP application to login  
with, as this will enable anyone who is registered as a user to login  
regardless of password!

Also, note that the user passwords are stored in plain text in the database.