[horde] Re: Some user hooks questions

Kevin Myer kevin_myer at iu13.org
Sat Apr 23 20:19:57 PDT 2005 

Quoting Kevin Myer <kevin_myer at iu13.org>:

>
> I found that when using Administration -> Users to view the users in
> the system,
> if I would click on a user, their Full Name and email address would be
> populated with my information.  So it would seem that the admin module is
> passing my userid to the hook function and not the userid that I'm viewing.
> After looking at the code from the Wiki, it would seem that the Auth::getAuth
> and Auth:getBareAuth calls are what is actually doing this -
> regardless of the
> value of $user passed to the hook, it will always return the info for the
> currently logged in user.  So my question would be - is there an equivalent
> Auth::getAuth function (or maybe not an Auth function but a utility function)
> to lookup values for arbitrary users?

Alright, I was thinking a little bit too hard for this.  The hook in
the Wiki is
actually a little bit buggy.  If $user is passed to the fullname or from_addr
functions and is a value that is not the current user, then Auth::getAuth
shouldn't be used, because that will always return the currently logged in
user.  I just removed all the Auth:getAuth and Auth::getBareAuth calls, threw
in a Auth::removeHook call (needed for our environment) and problem
solved.  It
almost appears that the functions in the Wiki to do this weren't written to
handle anyone but the currently logged in user, because the search is done for
$uid and $uid is always Auth::getBareAuth, regardless of what $user is.  And
unless I'm mistaken, $user will always be some value, so the is_null check is
bogus.

Here's what I ended up using:

if (!function_exists('_prefs_hook_fullname')) {

   function _prefs_hook_fullname($uid = null)
   {
        global $conf;
        $ldapServer = 'yourdirectoryserver';
        $ldapPort = '389';
        $searchBase = 'yoursearchbase';
        $ds = @ldap_connect($ldapServer, $ldapPort);

        if (@ldap_bind($ds)) {
            $searchResult = @ldap_list($ds, $searchBase,
$conf['auth']['params']['uid'] . '=' . $uid);
        }

        $information = @ldap_get_entries($ds, $searchResult);

        // derive the email address if possible
        if ($information[0]['cn'][0] != '') {
           $name = $information[0]['cn'][0];
        } else {
           $name = $information[0]['gecos'][0];
        }

        ldap_close($ds);

        return $name;
   }
}


>
> The lowercase hook worked fine - it was taken verbatim from the
> hooks.php.dist.
>
> My goal with the username hooks was to make more user friendly lists
> of users to
> choose from.  My old config worked like this:

Problem also solved when I realized that the username that I'm entering
at login
isn't going through any hooks prior to getting passed to the authentication
backend.  So I need to keep using a modified login.php, where our domain is
appended.  The problem of the displaying of users also went away after I was a
little bit more careful looking at the code path for the hooks, and what they
really do :)  I had switched my authentication uid from mail to uid, and I was
stripping the length of my domain from the uid, which didn't have a domain on
it anymore.  So my choices came down to:  using the mail attribute for
authentication, which requires that the user either type their entire email
address for their username, or I patch login.php to append it, or I use the uid
attribute, but then I find that the uid list returned by Auth::listUsers
doesn't have Auth:addHook applied to it and when I save entries from the shares
editor, just the uid, and not the uid at domain value is saved.  So I'll just use
the mail attribute of our LDAP entries, unless there's something simple I'm
missing.

So I think my only remaining question is what is the most efficient way to
obtain a more userfriendly list of users?  I'm thinking along the lines of
this:

1)  auth->listUsers returns a userlist to services/shares/edit.php
2)  I write a _username_hook_tobackend function that takes a userid (email
address), and looks up the first and last name of the user (fullname).  Then,
since the shares editor calls Auth::removeHook to display the names, I should
get a list of users by their fullname.  In looking through the code, I'm
thinking the Identity function will do that for me, but I'm concerned that
invoking that 1400 times (which is the # of users we have) will kill
performance.  Unless the Identities are cached..

Thanks,
Kevin

-- 
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13  http://www.iu13.org

More information about the horde mailing list