[cvs] [Wiki] changed: CustomizingPreferences
Wiki Guest
wikiguest at horde.org
Thu Jan 8 08:05:47 UTC 2009
guest [195.28.83.205] Thu, 08 Jan 2009 03:05:47 -0500
Modified page: http://wiki.horde.org/CustomizingPreferences
New Revision: 3.2
Change log: added modifications of KMM's hooks, for the Active
Directory in Windows 2003 domain
@@ -326,8 +326,137 @@
}
</code>
KMM
+
+-----
+
++++++ modifications to connect to the "Active Directory" in the
Windows 2003 domain
+
+I've made some modifications of KMM's hooks, and inserted new one for
the identity's name - ID.
+ To work, you have to add the 'hook' => 'true', to $prefs['id'] , to
$prefs['fullname'] , and to $prefs['from_addr'] in the prefs.php file.
+More info:
+- Theese hooks were modified and tested for the "Active Directory"
enviroment on the Windows 2003 (+SP2) server/domain.
+- Horde was set to authenticate against the same "Active Directory",
so conf.php does have all necessary information that may be used later
in the hooks.
+- Hooks variables containing ldap connection information can be
directed to mentioned conf.php .
+
+<code type="php">
+if (!function_exists('_prefs_hook_id')) {
+ function _prefs_hook_id($uid = null)
+ {
+ global $conf;
+ $ldapServer = $conf['auth']['params']['hostspec']; // will
read server info from the conf.php, but can be changed to simple IP
address or FQDN if necessary = server.domain.com .
+ $ldapPort = '3268';
+ $binddn = $conf['auth']['params']['binddn']; // will read
the binddn user from the conf.php required to authenticate against
ldap. can be changed to 'user at domain.com' .
+ $bindpw = $conf['auth']['params']['password']; // will read
the $binddn user's password from the conf.php required to authenticate
against ldap. can be changed to simple text = 'PASSWORD' .
+ $searchBase = $conf['auth']['params']['basedn']; // will read
the $basedn from the conf.php, but can be changed to =
'ou=SomeOrgUnit,dc=domain,dc=com' .
+ $ds = ldap_connect($ldapServer, $ldapPort);
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //
specify the LDAP protocol to use the version 3 .
+ ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // to be able
to perform the searches on Windows 2003 Server Active Directory, this
option must be set.
+
+ if (is_null($uid)) {
+ $uid = Auth::getAuth();
+ }
+
+ if (ldap_bind($ds, $binddn, $bindpw)) {
+ $searchResult = ldap_search($ds, $searchBase,
$conf['auth']['params']['uid'] . '=' . $uid);
+ }
+
+ $information = ldap_get_entries($ds, $searchResult);
+
+ // Get the cn or GECOS value; could also pull givenName + sn
but that usually == cn
+ if ($information[0]['cn'][0] != '') {
+ $id = $information[0]['cn'][0];
+ } else {
+ $id = $information[0]['gecos'][0];
+ }
+
+ ldap_close($ds);
+
+ return $id;
+ }
+}
+</code>
+
+<code type="php">
+if (!function_exists('_prefs_hook_fullname')) {
+ function _prefs_hook_fullname($uid = null)
+ {
+ global $conf;
+ $ldapServer = $conf['auth']['params']['hostspec']; // will
read server info from the conf.php, but can be changed to simple IP
address or FQDN if necessary = server.domain.com .
+ $ldapPort = '3268';
+ $binddn = $conf['auth']['params']['binddn']; // will read
the binddn user from the conf.php required to authenticate against
ldap. can be changed to 'user at domain.com' .
+ $bindpw = $conf['auth']['params']['password']; // will read
the $binddn user's password from the conf.php required to authenticate
against ldap. can be changed to simple text = 'PASSWORD' .
+ $searchBase = $conf['auth']['params']['basedn']; // will read
the $basedn from the conf.php, but can be changed to =
'ou=SomeOrgUnit,dc=domain,dc=com' .
+ $ds = ldap_connect($ldapServer, $ldapPort);
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //
specify the LDAP protocol to use the version 3 .
+ ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // to be able
to perform the searches on Windows 2003 Server Active Directory, this
option must be set.
+
+ if (is_null($uid)) {
+ $uid = Auth::getAuth();
+ }
+
+ if (ldap_bind($ds, $binddn, $bindpw)) {
+ $searchResult = ldap_search($ds, $searchBase,
$conf['auth']['params']['uid'] . '=' . $uid);
+ }
+
+ $information = ldap_get_entries($ds, $searchResult);
+
+ // Get the cn or GECOS value; could also pull givenName + sn
but that usually == cn
+ if ($information[0]['cn'][0] != '') {
+ $name = $information[0]['cn'][0];
+ } else {
+ $name = $information[0]['gecos'][0];
+ }
+
+ ldap_close($ds);
+
+ return $name;
+ }
+}
+</code>
+
+<code type="php">
+if (!function_exists('_prefs_hook_from_addr')) {
+ function _prefs_hook_from_addr($uid = null)
+ {
+ global $conf;
+ $domain_name = 'domain.com';
+ $ldapServer = $conf['auth']['params']['hostspec']; // will
read server info from the conf.php, but can be changed to simple IP
address or FQDN if necessary = server.domain.com .
+// $ldapPort = '3268';
+ $binddn = $conf['auth']['params']['binddn']; // will read
the binddn user from the conf.php required to authenticate against
ldap. can be changed to 'user at domain.com' .
+ $bindpw = $conf['auth']['params']['password']; // will read
the $binddn user's password from the conf.php required to authenticate
against ldap. can be changed to simple text = 'PASSWORD' .
+ $searchBase = $conf['auth']['params']['basedn']; // will read
the $basedn from the conf.php, but can be changed to =
'ou=SomeOrgUnit,dc=domain,dc=com' .
+ $ds = ldap_connect($ldapServer, $ldapPort);
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //
specify the LDAP protocol to use the version 3 .
+ ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // to be able
to perform the searches on Windows 2003 Server Active Directory, this
option must be set.
+
+ if (is_null($uid)) {
+ $uid = Auth::getAuth();
+ }
+
+ // If your search scope is more than one, substitute
ldap_search for ldap_list
+ if (ldap_bind($ds, $binddn, $bindpw)) {
+ $searchResult = ldap_search($ds, $searchBase,
$conf['auth']['params']['uid'] . '=' . $uid);
+ }
+
+ $information = ldap_get_entries($ds, $searchResult);
+
+ // derive the email address if possible
+ if ($information[0]['mail'][0] != '') {
+ $emailname = $information[0]['mail'][0];
+ } else {
+ $emailname = $information[0]['uid'][0] . '@' . $domain_name;
+ }
+
+ ldap_close($ds);
+
+ return $emailname;
+ }
+}
+</code>
+
+Daniel
-----
For the environments where users are authenticated against IMAP
server and all users have at least one email address with the same
domain name like others in the form username at domain.name, you can
create a hook which adds this implicit address to the default
identity. This can be usefull for Horde modules like WHUPS operate
with default e-mail addresses of users. I didn't use preference hook
for "from_addr" because what I really needed is not the default
address for new identities, but the value for the default identity,
even when the identity already exists. From prefs hook I was unable to
write to other preferences (do not know why), so I created a
postauthentication hook which does everything needed. The only thing I
have not resolved is how to tell the preferences cache to update the
data immediatelly. But in the database everything is stored so this
resolves at the next login automatically.
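Review bot: All three added hooks (`_prefs_hook_id`, `_prefs_hook_fullname`, `_prefs_hook_from_addr`) build the `ldap_search()` filter by concatenating `$uid` unescaped, so a username containing filter metacharacters such as `*`, `(` or `)` changes what the directory matches; escape the value for filter context first. Each hook also calls `ldap_get_entries($ds, $searchResult)` even when `ldap_bind()` failed and `$searchResult` was never assigned, and `_prefs_hook_from_addr` still passes `$ldapPort` to `ldap_connect()` although its assignment is commented out. The bind DN and password are sent to port 3268 with no `ldap_start_tls()` call visible, so unless `hostspec` already selects an encrypted transport the service credentials cross the network in clear text. The sketch below covers the bind and search part of one hook, using `ldap_escape()` (PHP 5.6 or later); returning `null` on failure assumes the prefs code treats an empty hook result as "no value", which should be confirmed.

```php
    // … unchanged: $conf lookups, ldap_connect(), ldap_set_option() calls, $uid default …
    if (!ldap_bind($ds, $binddn, $bindpw)) {
        ldap_close($ds);
        return null;
    }

    // Escape the user-supplied part so it cannot alter the filter structure.
    $filter = $conf['auth']['params']['uid'] . '=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
    $searchResult = ldap_search($ds, $searchBase, $filter);
    if ($searchResult === false) {
        ldap_close($ds);
        return null;
    }

    $information = ldap_get_entries($ds, $searchResult);
    if ($information === false || $information['count'] < 1) {
        ldap_close($ds);
        return null;
    }
    // … unchanged: attribute selection, ldap_close() and return …
```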