[horde] User id numbers

[Jan Schneider]

Zitat von Richard Wallace <rwallace at thewallacepack.net>:

> Jan Schneider wrote:
>> Zitat von Richard Wallace <rwallace at thewallacepack.net>:
>>
>>> Chuck Hagenbuch wrote:
>>>
>>>> Quoting Richard Wallace <rwallace at thewallacepack.net>:
>>>>
>>>>> What would be the best way to associate an id number to a user.  We're
>>>>> going to be using the sql backend and would like to be able to change a
>>>>> users name without affecting how they are seen by the system.  Should I
>>>>> use the tobackend() and frombackend() hooks, or something else?
>>>>
>>>>
>>>>
>>>> You should change their name (i.e, their identity), and leave their userid
>>>> alone; even if you map it to something else in the backend, it'll cause
>>>> problems in Horde if you change it.
>>>
>>>
>>> The only place the user name is really relevant in our usage is during
>>> login, beyond that it doesn't really get used.  We'll be using a custom
>>> Identity implementation (something that uses an app or a db backend to
>>> lookup user info) for anything else.  The user would never see the
>>> actual uid that horde is using.  So if we write a frombackend() hook to
>>> lookup the username and map it to an id, then after the user is
>>> authenticated the setAuth() method will call the addHook() method which
>>> will call the frombackend() hook and use the id instead of the username
>>> from that point on.  So Auth::getAuth() will return the users id, not
>>> the users name.  Which means that the id will be used for prefs and
>>> everything else.  This wouldn't break anything that I can think of and
>>> we could change the users name at will.  Is there something I'm missing
>>> or not thinking of?
>>
>>
>> This is exactly what the frombackend and tobackend hooks were made for. If
>> you hit a problem it's probably a bug because this feature has not been
>> tested extensively yet.
>>
>> Jan.
>>
>
> The only problem I'm afraid that I may run into is with respect to
> groups.  When a user is added to a group, the user name is added to the
> group, not the users id.  So it looks like the frombackend() hook is
> used when presenting the list of users that are in the group and could
> be added to the group, but when the admin submits the form to add users
> to the group the tobackend() hook is never called.  So, when getting a
> list of users for the group via the Group::listUsers() method you get a
> list of user names, not their ids.
>
> The Group::listUsers() thing might not be a problem in and of itself,
> but I'm worried about how the permissions lookups will function.  If you
> do a $groups->hasPermission ('something', Auth::getAuth(), PERMS_SHOW),
> does it do a tobackend() hook call before looking up permissions for the
> groups the user is a member of or not?

Why don't you try it out?

> I'm concerned that the frombackend() and tobackend() hooks are not being
> consistently used.

This is possible. I personally fixed usage of these methods when I hit a
bug, not by going through every line of the code.

> Why thought was that the users name wouldn't get
> used by horde at all beyond login.  I'm confused as to why it returns
> the users name for Group::listUsers() and am wondering where else it
> might be using the name rather than the id.  Thoughts?

It returns them because these are the username that the users know. Here's a
real life example that caused me writing these hooks initially:

I wrote an authentication driver for a legacy CMS. Users login to that CMS
with a simple username. Even though there are a lot CMS instances on the
server as virtual hosts, the usernames are unique because there was one CMS
backend for each host. But I didn't want a separate Horde install for each
CMS, so I needed realms for the user names to distinguish users with the
same username but from different hosts.
The users don't know about all that, but only see their domain, their CMS
and their Horde. And they only know the simple usernames used in the CMS.
If they want to add collegues to a group they wouldn't understand why in
Horde there is a realm with the username, but not in the CMS.

Summary: The main purpose of the hooks is to convert usernames from the
authentication backend to Horde and back.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/