[horde] howto to specify syncml or activesync auth driver

Michael J Rubinsky mrubinsk at horde.org
Sat May 7 18:31:21 UTC 2011 

LALOT Dominique <dom.lalot at gmail.com> wrote:

>Hello,
>
>I post another mail following the composite auth driver I mentionned
>earlier.
>
>For auth, we use shibboleth and it works fine. Shibboleth manage both
>SSO
>and identity federation. So from the client side, the brower is
>redirected
>to several services and at the end, apache delivers the user name to
>Horde
>via environnement. In fact Apache shibboleth module says, "just believe
>me"
>and the user is logged in and no password has been seen on the horde
>side.
>That works great with humans and provide SSO, a little bit more
>complicated
>than a CAS driver but with much more possibilities.
>
>But I want to use syncml or ActiveSync which were working well when my
>auth
>driver was imap or ldap. As the default auth handler is shibboleth,
>devices
>are no more able to log in. We should find a way to say rpc.php auth
>driver is ldap or imap
>2011-05-05T15:09:21+02:00 INFO: HORDE [horde]
>Horde_ActiveSync_Driver_Horde::logon attempt for: lalot [pid 22677 on
>line
>80 of "/usr/share/php/Horde/Core/ActiveSync/Driver.php"]
>2011-05-05T15:09:21+02:00 INFO: HORDE [horde] Access denied for user:
>lalot.
>Username or password incorrect. [pid 22677 on line 203 of
>"/usr/share/php/Horde/Rpc/ActiveSync.php"]
>In Horde3 a colleague added a code to conf.php, but we can't do that
>with
>Horde4
>if (!function_exists('_horde_select_loginscreen')) {
>    function _horde_select_loginscreen() {
>       if (preg_match('|^/horde/rpc.php|',$_SERVER['REQUEST_URI']) ||
>$GLOBALS['browser']->isMobile()) {
>             return 'ldap_drv';
>       }
>       return 'cas_drv';
>    }
>}
>Any ideas?
>
>Thanks
>
>Dom
>-- 
>Dominique LALOT
>Ingénieur Systèmes et Réseaux
>http://annuaire.univmed.fr/showuser.php?uid=lalot
>-- 
>Horde mailing list
>Frequently Asked Questions: http://horde.org/faq/
>To unsubscribe, mail: horde-unsubscribe at lists.horde.org

Sounds like a good candidate for a new config option. This could be checked for in the Horde_Rpc#authorize method.  This probably couldn't happen upstream until Horde 5 though - along with some other refactorings to pull some core dependencies out of Rpc.

You might be able to do something locally in Horde/Rpc.php (in the authorize method, instantiate the auth driver you want explicitly instead of grabbing it via the injector).

HTH

--
Mike
Sent from mobile

More information about the horde mailing list