[horde] alarms - permission denied

Volker Then horde40 at volkerthen.com
Tue Mar 18 14:57:30 UTC 2008

Quoting Jan Schneider <jan at horde.org>:

> Zitat von Michael Redinger <Michael.Redinger at uibk.ac.at>:
>> Jan Schneider schrieb:
>>> Zitat von Michael Redinger <Michael.Redinger at uibk.ac.at>:
>>>> Hash: SHA1
>>>> Jan Schneider wrote:
>>>>> Zitat von Michael Redinger <Michael.Redinger at uibk.ac.at>:
>>>>>> ok, I tried to track this down:
>>>>>> I call the alarm script eg. as root like this:
>>>>>> /usr/bin/php /var/www/html/horde/admin/alarms.php
>>>>>> alarms.php checks if the user has admin permissions:
>>>>>> if (!Auth::isAdmin()) {
>>>>>>     Horde::authenticationFailureRedirect();
>>>>>> }
>>>>> These lines don't exist in alarms.php.
>>>> Oops, sorry, at some point I got the file wrong (admin/alarms.php
>>>> instead of scripts/alarm.php).
>>>> However, the problem is real, "only" the description was wrong ... And
>>>> if I read the code correctly, the question stays the same:
>>>> How should the session be set correctly by the alarm script if called
>>>> from the command line?
>>>> Back to scripts/alarms.php:
>>>> I tracked the problem down to kronolith/lib/api.php, function
>>>> _kronolith_listAlarms($time, $user = null) (same for nag):
>>>> $current_user = Auth::getAuth();
>>>> if ((empty($user) || $user != $current_user) && !Auth::isAdmin()) {
>>>> If I read the code correctly, scripts/alarms.php calls the alarm notify
>>>> function with the user set to null (first parameter). This function then
>>>> calls notify, which calls listAlarms, which calls load. Next,
>>>> $registry->callByPackage actually switches to the kronolith api
>>>> (listAlarms).
>>> scripts/alarms.php sets the user before calling notify().
>> Could you please elaborate? I did not find this.
>> I only noted AUTH_HANDLER being defined, which is used at two places in
>> the Horde library but not by kronolith and nag in api.php.
> Gosh! It looks like I never committed this piece of code that's
> running locally for a few weeks now. My apologies.
> Jan.

Hi Jan,

now there are Auth-Errors in the log, everytime the alarm script is running:

Mar 18 15:53:01 HORDE [error] [horde] More than one DN returned from  
search; unable to determine user's correct DN. [pid 24728 on line 230  
of "/usr/share/php/Horde/Prefs/ldap.php"]
Mar 18 15:53:01 HORDE [error] [horde] Failed to connect to the LDAP  
server. [pid 24728 on line 335 of "/usr/share/php/Horde/Prefs/ldap.php"]
Mar 18 15:53:01 HORDE [error] [horde] Unable to modify user's  
objectClass for preferences: [53] Server is unwilling to perform [pid  
24728 on line 483 of "/usr/share/php/Horde/Prefs/ldap.php"]

What's wrong?



More information about the horde mailing list