[horde] ldap readonly auth with sql users/groups/prefs storage

. . gamb at chemist.com
Fri May 12 15:50:08 PDT 2006


> ----- Original Message -----
> From: "Ben Chavet" <ben at horde.org>
> To: horde at lists.horde.org
> Subject: Re: [horde] ldap readonly with composite auth
> Date: Mon, 08 May 2006 11:27:03 -0500
> 
> 
> > I would like to use some LDAP-based composite authentication,
> > but our LDAP server is read-only. It is used by other
> > applications for auth and I cannot apply any new schema. A
> > solution would be to use LDAP for auth and use MySQL for
> > storing users/groups and their preferences.
>
> I think you just answered your own question. Use LDAP for
> authentication, SQL for prefs, and the Datatree for Groups (unless
> you already have groups defined in your LDAP directory, then just
> use those). As long as Horde has read-access to the fields it
> needs, you can authenticate against it, and use it for user/group
> lists. You just can't use the Horde user administration tools.
> 
> --Ben

Hello Ben,

Thanks for your answer. I know the answer is closer than I think, but I have dived too deep into this
project to see clearly! I need an external and experienced Horde developer to point it out.

I believe it is technically possible to use both LDAP and SQL with Horde,
the first for auth and the second for ACL/groups/prefs. I will have to use an interface to handle
users/groups management, and the one provided with Horde seems to be sufficient. As I have only
read access to LDAP, I will have to browse/search LDAP and store new users into local SQL and then
assign them to local Horde groups in order to manage ACL. I thought someone else had encountered the same
environment and maybe could give some advice: should I write a dedicated driver, or could I just
write a small hack into the existing driver, or maybe at an upper code level such as login.php...

Some words about our environment: we have a web application that is now obsolete
(old technology, not flexible, difficult to maintain as a lot of things are hard-coded and new features are now required).
I immediately thought we could use Horde and Horde's Framework as a base, then we should split our
application into modules (that makes sense now) and write the missing modules on top of Horde.
We would only keep the auth and prefs modules. A Workflow module will handle all the other modules
in order to separate roles and apply strict ACL on module views and actions. I found
something in Horde's Wiki which promises a lot! The module I need will have to be as flexible as possible:
several workflows should be able to co-exist, creation of new workflows 'on the fly', should be applied
to existing SQL groups.

The solutions currently being studied are Linux based (e.g. Samba, Horde, Zend) and others are Wintel based (.NET -
more compliant with the current environment).

Any advice is also welcome :-)
Have a nice weekend!

Gamb

