[horde] Imp authorization and user maintenance
Ned Zimmerman
nzimmerm at sulfur.scs.uiuc.edu
Mon Dec 16 20:53:36 PST 2002
On Sunday, December 15, 2002, at 02:02 PM, Chuck Hagenbuch wrote:
> Quoting Tony Earnshaw <tonni at billy.demon.nl>:
>
>> Actually, my IMAP server authenticates against an LDAP directory
>> server
>> using ldaps. Perhaps that's the way to go.
>
> So you have had Horde auth configured to use LDAP? Okay, now we're
> getting
> somewhere. You can do this:
>
> $conf['auth']['driver'] = 'composite';
> $conf['auth']['params'] = array(
> 'drivers' => array('imp' => array('driver' => 'application',
> 'params' => array('app' =>
> 'imp')),
> 'ldap' => array('driver' => 'ldap',
> 'params => array( .... )),
> 'loginscreen_switch' => '_horde_select_loginscreen',
> 'admin_driver' => 'ldap');
>
> if (!function_exists('_horde_select_loginscreen')) {
> function _horde_select_loginscreen()
> {
> return 'imp';
> }
> }
OK, so this looks like something I've been trying to sort out using sql
instead of ldap, and have a few questions about.
So this is what I would *like* to do. At the moment I successfully
have Horde authenticating via imp to my imaps server on localhost,
which is I gather what it is supposed to do. I want to be able to use
kronolith to create shared calendars that can be accessed by generic
users. I want to be able to create and authenticate these generic
users against an sql backend so that I do not have to create the
accounts on my imaps server. There should also be an administrator
account authenticating through the sql backend for administering these
generic users, but NOT the users on the imaps server.
Is there a way to do this with the existing composite driver?
Here is what I put in my conf.php file:
// This is going to be an experimental test of the 'composite' driver
$conf['auth']['driver'] = 'composite';
$conf['auth']['params']['app'] = 'imp';
$conf['auth']['params']['drivers']['imp']['driver'] = 'application';
$conf['auth']['params']['drivers']['imp']['params']['app'] = 'imp';
$conf['auth']['params']['drivers']['sql']['driver'] = 'sql';
$conf['auth']['params']['drivers']['sql']['params']['phptype'] =
'mysql';
$conf['auth']['params']['drivers']['sql']['params']['protocol'] = 'tcp';
$conf['auth']['params']['drivers']['sql']['params']['hostspec'] =
'localhost';
$conf['auth']['params']['drivers']['sql']['params']['username'] =
'horde3';
$conf['auth']['params']['drivers']['sql']['params']['password'] = '<not
shown>';
$conf['auth']['params']['drivers']['sql']['params']['database'] =
'horde3';
$conf['auth']['params']['drivers']['sql']['loginscreen_switch'] =
'_horde_select
_loginscreen';
$conf['auth']['params']['loginscreen_switch'] =
'_horde_select_loginscreen';
// And now the '_horde_select_loginscreen' function expected above
function _horde_select_loginscreen() {
return 'sql';
}
So far, using the config as shown above I can get authentication
through imp if _horde_select_loginscreen returns 'imp', but no
authentication for an sql user. if I switch the
_horde_select_loginscreen to return 'sql', horde successfully
authenticates the sql user, but imp authentication is bypassed and
hence I can no longer authenticate against the localhost imaps server.
(This, of course, is not a surprise).
I have a feeling that there is something fundamental I am not
understanding about how Horde is doing it's authentication and could
use some guidance.
An additional question is how does the $conf['auth']['admins']
parameter relate to $conf['auth']['params']['admin_driver']?
Do I need the $conf['auth']['params']['admin_driver'] parameter for
what I want to do?
Thanks for any help/suggestions that are sent my way,
Ned Zimmerman
More information about the horde
mailing list