[horde] Horde authentication with IMP in a load-balanced environment
Andy Dorman
adorman at ironicdesign.com
Tue Mar 31 03:17:31 UTC 2015
On 03/30/2015 06:08 PM, Vilius Sumskas/LNK wrote:
> Hi,
>
>> Hi all, we are having difficulty working around our unique setup to
>> authenticate with IMP and I wonder if one of the developers could point
>> us in the right direction to fix this. My apologies in advance, I am
>> NOT an experienced PHP programmer and am a bit hazy on variable scopes
>> and I believe that is a BIG part of my problem below.
>>
>> We are running the Latest Debian, Cyrus IMAP, and Horde 5.2.1 and Imp
>> 6.2.2 with LDAP for user credentials. We are currently authenticating
>> using Horde and LDAP, but we would like the opening app to be IMP and to
>> do that we need to authenticate with IMP.
>
> Not necessarily. Is your LDAP username/password the same as for IMAP? If
> yes, just set 'hordeauth' in $servers array to 'true' or 'full'. Also set
> your 'initial_app' preference in Horde preferences.
>
>> The tricky part happens because we have a load balanced cluster of web
>> servers, each server supporting a block of our IMAP accounts. So I
>> might log into web server A and my IMAP is on server B. So we have to
>> make sure the IMAP hostname is set correctly in order to fetch mail.
>>
>> When we are using Horde auth with LDAP this is easily handled in
>> imp/backends.local.php. Just grab the auth credentials, do a quick LDAP
>> query to get the IMAP server name and then set up the advanced IMAP
>> server hostname in $servers['advanced']['hostspec']
>>
>> However, if I switch Horde to authenticate using IMP, then
>> imp/backends.local.php does NOT have the authenticated username &
>> credentials, so it can't query LDAP to get the hostname.
>>
>> I thought I could get around this by using imp/hooks.local.php
>> preauthenticate (since it DOES have access to the un-authenticated
>> username and credentials and I was able to use that to query LDAP to set
>> $credentials['server']), BUT I have been unable to figure out how to set
>> the IMAP $servers['advanced'] array from imp/hooks.local.php.
>>
>> So I am unable to set up the proper IMAP server when trying to
>> authenticate with IMP...
>>
>> Can anyone give me the answer to one of these questions when
>> authenticating Horde with IMP?
>>
>> 1. How can I access the unauthenticated username/password in
>> imp/backends.local.php?
>>
>> OR
>>
>> 2. How can I access the $servers['advanced'] array in
>> imp/hooks.local.php
>>
>> OR
>>
>> 3. Am I going about this completely wrong and there is a better way to
>> set the IMP IMAP backend hostname when authenticating with IMP?
>>
>> Thank you for any help.
>
Vilius, thank you. The LDAP credentials are indeed the same as IMAP
because our IMAP actually authenticates using LDAP through SASL. ;-)
However, we already tried what you suggest (full horde auth with LDAP
and initial_application = IMP) and were surprised that in order to start
with IMP we had to auth through IMP.
Back on Jan 14/15 I brought that same issue up and got the answer below:
----- jan 14 snippet -----
> 1. How do you configure Horde to switch immediately to Imp after
> login? I have set Horde's prefs.local.php with
>
> $_prefs['initial_application']['value'] = 'imp';
>
> But all that seems to do is pre-select Imp in the user's Horde Display
> Preferences->Display Options->What application should FanMailPlus
> display after login?
No... that is the correct preference.
Only thing I can think of is that you have an authentication backend
other than "application" (imp) configured.
----- end jan 14 snippet -----
The problem is in our set up where we need to set the correct IMAP
server BEFORE authentication.
When you authenticate through IMP, imp/backends.local.php appears to be
called BEFORE authentication and I can not figure out how to access the
'raw' username and password credentials at that point.
imp/hooks.local.php can see the 'raw' username and password, but it can
not set the IMAP $servers['advanced'] array to set it up.
Thanks again Vilius.
--
Andy Dorman
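
The pre-authentication lookup described in this message takes a username that has not been verified yet, puts it into an LDAP query, and uses the answer to choose the IMAP host that will receive the password. The following is an added example, not code from this thread or from Horde/IMP, showing that lookup with the username escaped for the search filter and the returned host checked against an allowlist. The function names, the `objectClass`/`uid` filter, the hostnames, and the `$search` callable that stands in for the real LDAP search are all assumptions.

```php
<?php
// Added example: hypothetical helpers, not part of Horde or IMP.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function ldap_filter_escape($value)
{
    // strtr() with an array is a single pass, so the inserted
    // backslashes are never escaped a second time.
    return strtr($value, array(
        '\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00',
    ));
}

/**
 * Resolve the IMAP host for a login name that is NOT yet authenticated.
 * $search (assumption) runs the LDAP search for the given filter and
 * returns the account's mail host attribute, or null when not found.
 * $allowed is the list of IMAP backends the cluster really has.
 */
function resolve_imap_host($username, $search, array $allowed)
{
    // Refuse empty or oversized input before it reaches the directory.
    if (!is_string($username) || $username === '' || strlen($username) > 128) {
        return null;
    }
    // Filter shape is an assumption; adjust to the local schema.
    $filter = '(&(objectClass=inetOrgPerson)(uid='
            . ldap_filter_escape($username) . '))';
    $host = $search($filter);
    // Credentials are sent to whatever host comes back, so accept only
    // known backends rather than trusting the directory value blindly.
    if (!is_string($host) || !in_array(strtolower($host), $allowed, true)) {
        return null;
    }
    return strtolower($host);
}

// Constructed stand-in for the directory: one known account.
$fakeSearch = function ($filter) {
    $known = '(&(objectClass=inetOrgPerson)(uid=alice))';
    return $filter === $known ? 'IMAP-B.example.net' : null;
};
$backends = array('imap-a.example.net', 'imap-b.example.net');

var_dump(resolve_imap_host('alice', $fakeSearch, $backends));
var_dump(resolve_imap_host('a*)(uid=*', $fakeSearch, $backends));
echo ldap_filter_escape('a*)(uid=*'), "\n";
```

A null result should fail the login outright instead of falling back to a default host.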