[horde] Imp authorization and user maintenance

Chuck Hagenbuch chuck at horde.org
Mon Dec 16 21:20:42 PST 2002 

Quoting Ned Zimmerman <nzimmerm at sulfur.scs.uiuc.edu>:

> So this is what I would *like* to do.  At the moment I successfully
> have Horde authenticating via imp to my imaps server on localhost,
> which is I gather what it is supposed to do.  I want to be able to use
> kronolith to create shared calendars that can be accessed by generic
> users.  I want to be able to create and authenticate these generic
> users against an sql backend so that I do not have to create the
> accounts on my imaps server.  There should also be an administrator
> account authenticating through the sql backend for administering these
> generic users, but NOT the users on the imaps server.

Okay. What you need is a way of telling who you're authenticating - an IMAP 
user or a SQL user.

> Is there a way to do this with the existing composite driver?

Yes, assuming that you have a distinguishing factor as above.

> Here is what I put in my conf.php file:

Oy. Try the syntax I used; I at least find it a lot easier to read than 
writing out each array assignment. It's likely to be faster, too.

> // And now the '_horde_select_loginscreen' function expected above
> function _horde_select_loginscreen() {
>          return 'sql';
>          }
> 
> So far, using the config as shown above I can get authentication
> through imp if _horde_select_loginscreen returns 'imp', but no
> authentication for an sql user.  if I switch the
> _horde_select_loginscreen to return 'sql', horde successfully
> authenticates the sql user, but imp authentication is bypassed and
> hence I can no longer authenticate against the localhost imaps server.
> (This, of course, is not a surprise).

How do you plan on telling who is authenticating (I think I've asked this 
before ;). Here's a different modified version of my real loginscreen 
function:

if (!function_exists('_horde_select_loginscreen')) {
    function _horde_select_loginscreen()
    {
        if ($_SERVER['SERVER_NAME'] == 'sql-logins.horde.org') {
            return 'sql';
        }
        return 'imp';
    }
}

Note how I return a different driver based on the URL. Can you use 
something like that to distinguish these users? If not, what do you have in 
mind to be able to tell them apart?

> An additional question is how does the $conf['auth']['admins']
> parameter relate to $conf['auth']['params']['admin_driver']?

The admin driver is just the driver that horde/admin/user.php uses.

> Do I need the $conf['auth']['params']['admin_driver'] parameter for
> what I want to do?

Yes.

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
"People ask me all the time what it will be like living without otters."
 - Google, thanks to Harpers

More information about the horde mailing list