[horde] Login with mail or uid

Rodrigo Abrantes Antunes rodrigoantunes at pelotas.ifsul.edu.br
Thu Nov 1 19:08:41 UTC 2012 

Citando Jan Schneider <jan at horde.org>:
> Zitat von Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br>:
>> Citando Rodrigo Abrantes Antunes  
>> <rodrigoantunes at pelotas.ifsul.edu.br>:   > Citando Jan Schneider  
>> <jan at horde.org>:    > Zitat von Rodrigo Abrantes Antunes  
>> <rodrigoantunes at pelotas.ifsul.edu.br>:     > Hi, I need my users to  
>> login to horde and imp using their ldap 'uid' or
>>>>>          their ldap 'mail' but after login only uid is used as  
>>>>> usual, in horde
>>>>>          configuration I can specify only one of them to search  
>>>>> in ldap. I looked
>>>>>          trought the hooks and found "authusername" but I think  
>>>>> that it isn't
>>>>>          exactly what I need.
>>>>      It is.
>>>>      --
>>>>      Jan Schneider
>>>>      The Horde Project
>>>> http://www.horde.org/
>>>>
>>>>      --
>>>>      Horde mailing list
>>>>      Frequently Asked Questions: http://horde.org/faq/To  
>>>> unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>     I tried to use the mentioned hook. I put exactly this in  
>>> hooks.local.php (bind anonymously):
>>>
>>>     class Horde_Hooks
>>>     {
>>>         public function authusername($userId, $toHorde)
>>>         {
>>>                $ldapServer = 'ldaps://myldapserver';
>>>                $ldapPort = '389';
>>>                $searchBase = 'ou=people,dc=mydc';
>>>                $ds = @ldap_connect($ldapServer, $ldapPort);
>>>                $searchResult = @ldap_search($ds, $searchBase,  
>>> 'uid=' . $userId);
>>>                $information = @ldap_get_entries($ds, $searchResult);
>>>                if (($information !== false) &&  
>>> ($information['count'] > 0)) {
>>>                   $userId = $information[0]['mail'][0];
>>>                }
>>>                return array(
>>>                  'userId' => $userId,
>>>                  'credentials' => $credentials
>>>               );
>>>        }
>>>     }
>>>
>>>
>>>     But when I log with uid it says "User is not authorized for  
>>> imp" and "/the preference system is down, so until this//message  
>>> goes away you're working with the default preferences instead of  
>>> the//ones you chose/" and in logs I see a lot of these:
>>>
>>>     SQL QUERY FAILED: SQLSTATE[42000]: Syntax error or access  
>>> violation: 1064 You have an error in your SQL syntax; check the  
>>> manual that corresponds to your MySQL server version for the right  
>>> syntax to use near 'AND (perm_2 = 1)' at line 1
>>>             SELECT * FROM mnemo_sharesng_users WHERE user_uid =  
>>> AND (perm_2 = 1) [pid 1568 on line 812 of  
>>> "/usr/share/php/Horde/Db/Adapter/Base.php"]
>>>
>>>     It seems it contact ldap for the credentials and sucessfully  
>>> login but after this it looses the userid and can't load any  
>>> preferences. And I still can't login with e-mail.
>>>
>>>     I modified the hook to test it standalone and it worked well  
>>> (returned the email),  here is how I modified it:
>>>
>>>     <?php
>>>     $userId='xxxxxxxx';
>>>     $ldapServer = 'ldaps://myldapserver';
>>>     $ldapPort = '389';
>>>     $searchBase = 'ou=people,dc=mydc';
>>>     $ds = @ldap_connect($ldapServer, $ldapPort);
>>>     $searchResult = @ldap_search($ds, $searchBase, 'uid=' . $userId);
>>>     $information = @ldap_get_entries($ds, $searchResult);
>>>     if (($information !== false) && ($information['count'] > 0)) {
>>>          $userId = $information[0]['mail'][0];
>>>     }
>>>     echo $userId;
>>>     ?>
>>>
>>>     Anything I may be missing?
>>>
>>>
>>>
>>>
>>>
>>>
>>>      
>>    I removed the hook but now I'm still getting the sql errors. Is  
>> it normal?
>   Read the documentation! The authusername hook doesn't return an  
> array. I just noticed that the LDAP example is incorrect though.
>
>   The SQL error is a follow-up error.
>   --
>   Jan Schneider
>   The Horde Project
> http://www.horde.org/
>
>   --
>   Horde mailing list
>   Frequently Asked Questions: http://horde.org/faq/To unsubscribe,  
> mail: horde-unsubscribe at lists.horde.org
I made it! But not with the authusername hook but with the
preauthenticate. Now my users can login with both their email and user.
Here it is in case someone else needs:

     public function preauthenticate($userId, $credentials) {
        $ldapServer = 'ldaps://myldapserver';
        $ldapPort = '389';
        $searchBase = 'ou=people,dc=myldapbase';
        $ds = @ldap_connect($ldapServer, $ldapPort);

        // Search by the mail no by the uid
        $searchResult = @ldap_search($ds, $searchBase, 'mail=' . $userId);
        $information = @ldap_get_entries($ds, $searchResult);

        //If the mail is found change it to uid to authenticate
        if (($information !== false) && ($information['count'] > 0)) {
           $userId = $information[0]['uid'][0];
        }

        return array(
           'userId' => $userId,
           'credentials' => $entry
        );
    }

More information about the horde mailing list