[horde] Login / auth trouble
Gunnar Wrobel
wrobel at horde.org
Mon Aug 22 04:45:55 UTC 2011
Quoting Andre Dieball <andre at dieball.net>:
> Hi Team
>
> I'm setting up horde as part of the new website I do for my daughter's school.
> I have a working ldap / cyrus/ postfix, etc setup and horde webmail
> was the last step, but I'm struggling a bit with authentication and
> defaults (domains).
>
>
> Basically the problem is as follows:
>
> right now, I authenticate horde against imp and imp against imap
> which works fine.
>
> The problem is that I have teachers using the default domain
> (example.com), students using a subdomain (@students.example.com).
>
> right now, when a teacher logs in, they can use uid or email
> (jon.doe or jon.doe at example.com) and get logged into their mailbox.
>
> But (there is always a but):
> when a student logs in with his email, they see their mailbox, but
> when they log in with the uid, they get logged in but seem to end up in
> a different mailbox (not existing actually).
>
> My saslauth ldap filter right now is: ldap_filter:
> (|(mail=%u@%r)(mail=%u)(uid=%u%r)(uid=%u)) which allows email and
> uid, when I change this to ldap_filter: (|(mail=%u@%r)(mail=%u))
> nobody can log in anymore.
>
> the current ldap filter works fine in every email client, i.e. in
> apple mail, I can use uid or email and get my mailbox.
>
> I would like to have it that they can log in with uid or email and
> get to the proper mailbox OR just with their email address (less
> preferred) which ends up in a login error when they use their uid.

This sounds a lot like the setup also used by the Kolab server backend
(similar LDAP filters, same "uid" and "email" login).

There is at least one very significant difference when comparing a
desktop mail client to the Horde client: The desktop variant usually
handles one user while Horde handles many users. For Horde that means
it needs to have *one* unique identifier for the users. If you use two
then Horde will by default consider the two users to be different users.

Look at the "preauthenticate" hook in config/hooks.php. It can be used
to remap the user ID to a single ID.

I'm not 100% certain that this will resolve your problem as there
might still be some IMAP problems behind that. But I'm certain that
this remapping of the user ID is mandatory as well.

If you need further help with the setup you should ensure you tell us
which Horde version you are actually using and maybe provide some log
entries if you feel they are relevant to the problem with the login
process.

Cheers,

Gunnar

>
> Thanks a lot in advance
>
> Andre
--
Core Developer
The Horde Project
e: wrobel at horde.org
t: +49 700 6245 0000
w: http://www.horde.org
pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de
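
The user-ID remapping described in the reply above, as an added example that is not code from the thread or from Horde itself: a function that maps a uid or mail login to one canonical ID and refuses ambiguous logins. The name `canonical_user_id`, the sample directory array (standing in for the LDAP lookup) and the choice of the mail address as the canonical ID are assumptions; how the function is called from the "preauthenticate" hook depends on the Horde version, which the thread does not state.

```php
<?php
// Constructed sample directory standing in for the LDAP lookup.
// All uid and mail values are invented for illustration.
$directory = [
    ['uid' => 'jon.doe', 'mail' => 'jon.doe@example.com'],
    ['uid' => 'amy.lee', 'mail' => 'amy.lee@students.example.com'],
    // The same uid in both domains: a bare-uid login is ambiguous.
    ['uid' => 'sam.ray', 'mail' => 'sam.ray@example.com'],
    ['uid' => 'sam.ray', 'mail' => 'sam.ray@students.example.com'],
];

/**
 * Map what the user typed (uid or mail address) to one canonical ID,
 * here the lower-cased mail address (an assumption of this example).
 * Returns null for unknown or ambiguous logins so the caller can
 * refuse the login instead of guessing a mailbox.
 */
function canonical_user_id(string $login, array $directory): ?string
{
    $login = strtolower(trim($login));
    if ($login === '') {
        return null;
    }
    $matches = [];
    foreach ($directory as $entry) {
        $mail = strtolower($entry['mail']);
        if ($login === strtolower($entry['uid']) || $login === $mail) {
            $matches[$mail] = true; // keyed by mail, so duplicates collapse
        }
    }
    // Exactly one directory entry may match.
    return count($matches) === 1 ? array_keys($matches)[0] : null;
}

// Both spellings of a login resolve to the same ID; sam.ray alone does not.
foreach (['amy.lee', 'Amy.Lee@students.example.com', 'jon.doe', 'sam.ray', 'nobody'] as $login) {
    $id = canonical_user_id($login, $directory);
    printf("%-30s => %s\n", $login, $id === null ? '(rejected)' : $id);
}
```

Returning the same ID for both login forms is what keeps preferences and mailbox bindings attached to one account; rejecting a uid that exists in more than one domain avoids silently binding a session to the wrong user.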