[dev] Active Directory Development

Mike Peachey mike.peachey at jennic.com
Fri Jan 18 16:40:00 UTC 2008


I am looking for some advice.

I am attempting to get horde-webmail-1.0.4 going in a production 
environment with Authentication and Grouping based on Active Directory 
from a Win2003 AD server. The problem is there are a lot of changes I 
need to make to make it properly compatible.

For example, in Groups/ldap.php, the function getGroupMemberships 
searches LDAP groups for member=username when in AD this is served up as 
member=User's full DN. My temporary solution to this is to add a third 
parameter that is false by default in getGroupMemberships, and then when 
the group memberships are requested in services/shares/edit.php, I pass 
the third parameter $auth->_findDN(Auth::getAuth()) to correctly search 
for groups.

The problem with this one is that I don't yet know where else in the 
code I am going to have to make changes to allow for this, and once I 
do, I am going to have to document every single change and then re-make 
them when the system is upgraded.

There is another one that I haven't started on yet which is nested 
groups in Active Directory. Currently, Horde will search for group 
memberships only at one level, but I need it to check for group members 
that are groups, and then recursively search through them too. But 
before I start on this task, I'd rather ensure that my changes have a 
chance of making it into the Horde source, or at least make the changes 
AROUND the current source, so that when I upgrade at a later date, the 
changes will remain or will be easy to replace.

I have two problems with this:

1. Because I'm not totally familiar with the design structure of Horde, 
it is going to take me a while to actually work out HOW I should be 
doing things and how certain modules are extending each other and what 
public functions I should be aware of. For example, in creating a new 
section of code or making specific changes to functions to take account 
of AD compatibility, I don't know whether I should be adding a whole new 
authentication module called AD as a selectable option instead of ldap 
and pam and the rest, or whether I should be adding a true/false 
condition within the current LDAP structure that says "this LDAP 
is/isn't an AD server".

2. I'm currently working on the source of horde-webmail-1.0.4 which is 
already out of date, if I'm going to develop new code for the project 
(assuming I'm even allowed to) then I should be working out of the 
current CVS HEAD. The problem with this is that, at the same time, I'm 
still trying to run Horde in a production environment and I don't know 
how likely I am to come across really serious bugs within the current 
source that are going to adversely affect users.

I could really do with some advice here - I'm not used to contributing 
to projects, usually I'm just making subtle changes to integrate things 
into our environment (such as the hell I had with customising RT) - but 
the number of changes that I need to make for Horde AD integration means 
it's really worth my while trying to properly help out with the project 
as a whole for my benefit and everyone else's.

My mind is hanging by a thread now thanks to that large section of 
verbal diarrhoea, so I shall stop now - but if someone could get back to 
me about this I'd really appreciate it.
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________
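The two AD-specific behaviours the post describes, the member attribute holding the user's full DN rather than a bare username and group members that are themselves groups, are shown below as an added example. This is not Horde code and not the poster's patch; it is written in Python against a constructed in-memory directory so it runs offline, and the function and data names (SAMPLE_GROUPS, search_groups_containing, get_group_memberships) are assumptions standing in for an LDAP search against the real server. It also escapes the DN before placing it in a search filter, which matters once the value comes from the directory rather than from config.

```python
"""Added example (not Horde's Groups/ldap.php): resolve Active Directory group
memberships by the user's full DN and walk nested groups with cycle protection."""
from collections import deque

# Constructed sample directory: group DN -> list of member DNs, the shape AD
# returns in the multi-valued "member" attribute. Note that AD allows cycles
# (Helpdesk is a member of Mail Users, which contains IT, which contains Helpdesk).
SAMPLE_GROUPS = {
    "CN=Mail Users,OU=Groups,DC=example,DC=com": [
        "CN=Mike Peachey,OU=Staff,DC=example,DC=com",
        "CN=IT,OU=Groups,DC=example,DC=com",
    ],
    "CN=IT,OU=Groups,DC=example,DC=com": [
        "CN=Helpdesk,OU=Groups,DC=example,DC=com",
    ],
    "CN=Helpdesk,OU=Groups,DC=example,DC=com": [
        "CN=Alice Smith,OU=Staff,DC=example,DC=com",
        "CN=Mail Users,OU=Groups,DC=example,DC=com",   # nesting cycle
    ],
    "CN=Finance,OU=Groups,DC=example,DC=com": [
        "CN=Bob Jones,OU=Staff,DC=example,DC=com",
    ],
}


def escape_filter_value(value):
    """RFC 4515 escaping for an LDAP filter assertion value.

    A DN taken from the directory may contain '(' ')' '*' or '\\' (e.g. a CN
    such as "Smith (Bob)"); unescaped, those characters change the filter's
    meaning instead of being matched literally.
    """
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_member_filter(dn):
    """Filter that finds the groups listing dn in their member attribute."""
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(dn)


def search_groups_containing(directory, dn):
    """Stand-in for an ldap_search() with build_member_filter(dn):
    returns the DNs of groups whose member attribute contains dn exactly.
    Searching with a bare username (member=mpeachey) finds nothing here,
    which is the mismatch the post describes."""
    return [group for group, members in directory.items() if dn in members]


def get_group_memberships(directory, user_dn, recursive=True):
    """Groups the user belongs to directly and, if recursive, through any
    chain of nested groups. Breadth-first with a seen-set so group cycles
    terminate instead of recursing forever."""
    seen = set()
    queue = deque(search_groups_containing(directory, user_dn))
    while queue:
        group_dn = queue.popleft()
        if group_dn in seen:
            continue
        seen.add(group_dn)
        if recursive:
            # A group is "member" of its parents exactly like a user is.
            queue.extend(search_groups_containing(directory, group_dn))
    return sorted(seen)


if __name__ == "__main__":
    mike = "CN=Mike Peachey,OU=Staff,DC=example,DC=com"
    print(build_member_filter(mike))
    print("direct:   ", get_group_memberships(SAMPLE_GROUPS, mike, recursive=False))
    print("recursive:", get_group_memberships(SAMPLE_GROUPS, mike))
    print("username: ", get_group_memberships(SAMPLE_GROUPS, "mpeachey"))
```

In a real deployment the seen-set is the part not to skip: AD does not forbid a group being a transitive member of itself, so a naive recursive search loops. On Windows Server 2003 SP2 and later the server can also do this walk itself via the LDAP_MATCHING_RULE_IN_CHAIN rule (`member:1.2.840.113556.1.4.1941:=<user DN>`), which avoids one round trip per nesting level; the client-side walk above is what you need when that rule is unavailable or when you want to bound the depth yourself.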