[horde] Horde authentication with IMP in a load-balanced environment

Vilius Sumskas/LNK vilius at lnk.lt
Tue Mar 31 07:15:05 UTC 2015 

> On 03/30/2015 06:08 PM, Vilius Sumskas/LNK wrote:
> > Hi,
> >
> >> Hi all, we are having difficulty working around our unique setup to
> >> authenticate with IMP and I wonder if one of the developers could 
point
> >> us in the right direction to fix this.  My apologies in advance, I am
> >> NOT an experienced PHP programmer and am a bit hazy on variable 
scopes
> >> and I believe that is a BIG part of my problem below.
> >>
> >> We are running the Latest Debian, Cyrus IMAP, and Horde 5.2.1 and Imp
> >> 6.2.2 with LDAP for user credentials.  We are currently 
authenticating
> >> using Horde and LDAP, but we would like the opening app to be IMP and 
to
> >
> >> do that we need to authenticate with IMP.
> >
> > Not necessarilly. Is your LDAP username/password the same as for IMAP? 
If
> > yes, just set 'hordeauth' in $servers array to 'true' or 'full'. Also 
set
> > your 'initial_app' preference in Horde preferences.
> >
> >> The tricky part happens because we have a load balanced cluster of 
web
> >> servers, each server supporting a block of our IMAP accounts.  So I
> >> might log into web server A and my IMAP is on server B.  So we have 
to
> >> make sure the IMAP hostname is set correctly in order to fetch mail.
> >>
> >> When we are using Horde auth with LDAP this is easily handled in
> >> imp/backends.local.php.  Just grab the auth credentials, do a quick 
LDAP
> >
> >> guery to get the IMAP server name and then set up the advanced IMAP
> >> server hostname in $servers['advanced']['hostspec']
> >>
> >> However, if I switch Horde to authenticate using IMP, then
> >> imp/backends.local.php does NOT have the authenticated username &
> >> credentials, so it can't query LDAP to get the hostname.
> >>
> >> I thought I could get around this by using imp/hooks.local.php
> >> preauthenticate (since it DOES have access to the un-authenticated
> >> username and credentials and I was able to use that to query LDAP to 
set
> >
> >> $credentials['server']), BUT I have been unable to figure out how to 
set
> >
> >> the IMAP $servers['advanced'] array from imp/hooks.local.php.
> >>
> >> So I am unable to set up the proper IMAP server when trying to
> >> authenticate with IMP...
> >>
> >> Can anyone give me the answer to one of these questions when
> >> authenticating Horde with IMP?
> >>
> >> 1. How can I access the unauthenticated username/password in
> >> imp/backends.local.php?
> >>
> >> OR
> >>
> >> 2. How can I access the the $servers['advanced'] array in
> >> imp/hooks.local.php
> >>
> >> OR
> >>
> >> 3. Am I going about this completely wrong and there is a better way 
to
> >> set the IMP IMAP backend hostname when authenticating with IMP?
> >>
> >> Thank you for any help.
> >
> 
> Vilius, thank you. The LDAP credentials are indeed the same as IMAP 
> because our IMAP actually authenticates using LDAP through SASL.  ;-)
> 
> However, we already tried what you suggest (full horde auth with LDAP 
> and initial_application = IMP) and were surprised that in oder to start 
> with IMP we had to auth through IMP.
> 
> Back on Jan 14/15 I brought that same issue up and got the answer below:
> 
> ----- jan 14 snippet -----
>  > 1. How do you configure Horde to switch immediately to Imp after
>  > login?  I have set Horde's prefs.local.php with
>  >
>  > $_prefs['initial_application']['value'] = 'imp';
>  >
>  > But all that seems to do is pre-select Imp in the user's Horde 
Display
>  > Preferences->Display Options->What application should FanMailPlus
>  > display after login?
> 
> No... that is the correct preference.
> 
> Only thing I can think of is that you have an authentication backend
> other than "application" (imp) configured.
> ----- end jan 14 snippet -----
> 
> The problem is in our set up where we need to set the correct IMAP 
> server BEFORE authentication.
> 
> When you authenticate through IMP, imp/backends.local.php appears to be 
> called BEFORE authentication and I can not figure out how to access the 
> 'raw' username and password credentials at that point.
> 
> imp/hooks.local.php can see the 'raw' username and password, but it can 
> not set the IMAP $servers['advanced'] array to set it up.
> 
> Thanks again Vilius.

I had SQL authentication with fullauth directly to IMP for year and it 
worked fine. You do not have to do IMP authentication to display IMP after 
login. The same preference can display any other application which doesn't 
have auth backend just fine, so it would be illogical that IMP behaves 
differently. Unless something changed in recent Horde versions.

-- 
   Vilius

-

More information about the horde mailing list