[horde] group shares and Active Directory

Jan Schneider jan at horde.org
Mon Jan 10 14:09:05 UTC 2011


Zitat von Goncal Badenes <goncal.badenes at icfo.es>:

> Hi,
>
> we do not manage to get group shares working with our active  
> directory backend. The groups are listed OK in the  
> Administration->Groups section, but the system does not manage to  
> find out which groups a particular user is member of.
>
> In particular, we experience the following behaviour:
> - The list of groups that the users see when they try to share any  
> resource (calendar, task, etc.) is empty unless we set  
> $conf['share']['any_group'] = true;
> - Even if the option above is set to "true", the user cannot access  
> the shared resource. I assume this is because the system does not  
> actually realise which groups the logged on user is member of.
>
> I have seen related messages in the mailing list (e.g.  
> http://lists.horde.org/archives/horde/Week-of-Mon-20090608/037714.html,  
> http://lists.horde.org/archives/horde/Week-of-Mon-20080114/034478.html, or  
> http://lists.horde.org/archives/dev/Week-of-Mon-20080114/022588.html), but  
> so far could not find any solution or workaround for the problem.
>
> Does anyone have suggestions or tips?
>
> Here are the relevant parts of our configuration:
>
> $conf['group']['params']['hostspec'] = 'ldaps://ad1.xxx ldaps://ad2.xxx';
> $conf['group']['params']['basedn'] = 'DC=xxx,DC=xxx';
> $conf['group']['params']['binddn'] = 'xxx at xxx.xxx';
> $conf['group']['params']['password'] = 'xxx';
> $conf['group']['params']['version'] = '3';
> $conf['group']['params']['tls'] = false;
> $conf['group']['params']['gid'] = 'cn';
> $conf['group']['params']['memberuid'] = 'member';
> $conf['group']['params']['attrisdn'] = true;
> $conf['group']['params']['newgroup_objectclass'] = array('top', 'group');
> $conf['group']['params']['objectclass'] = array('group');
> $conf['group']['params']['filter_type'] = 'objectclass';
> $conf['group']['driver'] = 'ldap';
> $conf['group']['cache'] = true;
> $conf['perms']['driverconfig'] = 'horde';
> $conf['perms']['driver'] = 'sql';
> $conf['share']['no_sharing'] = false;
> $conf['share']['any_group'] = true;
> $conf['share']['cache'] = true;
> $conf['share']['driver'] = 'sql';

Someone who experiences this needs to track it further down, or hire  
someone who does. The crucial method is probably  
Group_ldap::getGroupMemberships().

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the horde mailing list