[horde] alarms - permission denied

Volker Then horde40 at volkerthen.com
Tue Mar 18 14:57:30 UTC 2008


Quoting Jan Schneider <jan at horde.org>:

> Quoting Michael Redinger <Michael.Redinger at uibk.ac.at>:
>
>> Jan Schneider wrote:
>>> Quoting Michael Redinger <Michael.Redinger at uibk.ac.at>:
>>>
>>>> Jan Schneider wrote:
>>>>> Quoting Michael Redinger <Michael.Redinger at uibk.ac.at>:
>>>>>
>>>>>> ok, I tried to track this down:
>>>>>>
>>>>>> I call the alarm script, e.g. as root, like this:
>>>>>>
>>>>>> /usr/bin/php /var/www/html/horde/admin/alarms.php
>>>>>>
>>>>>> alarms.php checks if the user has admin permissions:
>>>>>> if (!Auth::isAdmin()) {
>>>>>>     Horde::authenticationFailureRedirect();
>>>>>> }
>>>>> These lines don't exist in alarms.php.
>>>> Oops, sorry, at some point I got the file wrong (admin/alarms.php
>>>> instead of scripts/alarm.php).
>>>> However, the problem is real, "only" the description was wrong ... And
>>>> if I read the code correctly, the question stays the same:
>>>> How should the session be set correctly by the alarm script if called
>>>> from the command line?
>>>> Back to scripts/alarms.php:
>>>>
>>>> I tracked the problem down to kronolith/lib/api.php, function
>>>> _kronolith_listAlarms($time, $user = null) (same for nag):
>>>>
>>>> $current_user = Auth::getAuth();
>>>> if ((empty($user) || $user != $current_user) && !Auth::isAdmin()) {
>>>>
>>>> If I read the code correctly, scripts/alarms.php calls the alarm notify
>>>> function with the user set to null (first parameter). This function then
>>>> calls notify, which calls listAlarms, which calls load. Next,
>>>> $registry->callByPackage actually switches to the kronolith api
>>>> (listAlarms).
>>>
>>> scripts/alarms.php sets the user before calling notify().
>>
>> Could you please elaborate? I did not find this.
>> I only noted AUTH_HANDLER being defined, which is used at two places in
>> the Horde library but not by kronolith and nag in api.php.
>
> Gosh! It looks like I never committed this piece of code that's
> been running locally for a few weeks now. My apologies.
>
> Jan.
>

Hi Jan,

Now there are Auth errors in the log every time the alarm script is running:

Mar 18 15:53:01 HORDE [error] [horde] More than one DN returned from search; unable to determine user's correct DN. [pid 24728 on line 230 of "/usr/share/php/Horde/Prefs/ldap.php"]
Mar 18 15:53:01 HORDE [error] [horde] Failed to connect to the LDAP server. [pid 24728 on line 335 of "/usr/share/php/Horde/Prefs/ldap.php"]
Mar 18 15:53:01 HORDE [error] [horde] Unable to modify user's objectClass for preferences: [53] Server is unwilling to perform [pid 24728 on line 483 of "/usr/share/php/Horde/Prefs/ldap.php"]

What's wrong?

Bye

Volker



