[horde] Horde authentication with IMP in a load-balanced environment

Andy Dorman adorman at ironicdesign.com
Tue Mar 31 14:15:20 UTC 2015


On 03/31/2015 03:09 AM, Jan Schneider wrote:
>
> Quoting Andy Dorman <adorman at ironicdesign.com>:
>
>> Hi all, we are having difficulty working around our unique setup to
>> authenticate with IMP and I wonder if one of the developers could
>> point us in the right direction to fix this.  My apologies in advance,
>> I am NOT an experienced PHP programmer and am a bit hazy on variable
>> scopes and I believe that is a BIG part of my problem below.
>>
>> We are running the Latest Debian, Cyrus IMAP, and Horde 5.2.1 and Imp
>> 6.2.2 with LDAP for user credentials.  We are currently authenticating
>> using Horde and LDAP, but we would like the opening app to be IMP and
>> to do that we need to authenticate with IMP.
>>
>> The tricky part happens because we have a load balanced cluster of web
>> servers, each server supporting a block of our IMAP accounts.  So I
>> might log into web server A and my IMAP is on server B.  So we have to
>> make sure the IMAP hostname is set correctly in order to fetch mail.
>>
>> When we are using Horde auth with LDAP this is easily handled in
>> imp/backends.local.php.  Just grab the auth credentials, do a quick
>> LDAP query to get the IMAP server name and then set up the advanced
>> IMAP server hostname in $servers['advanced']['hostspec']
>>
>> However, if I switch Horde to authenticate using IMP, then
>> imp/backends.local.php does NOT have the authenticated username &
>> credentials, so it can't query LDAP to get the hostname.
>>
>> I thought I could get around this by using imp/hooks.local.php
>> preauthenticate (since it DOES have access to the un-authenticated
>> username and credentials and I was able to use that to query LDAP to
>> set $credentials['server']), BUT I have been unable to figure out how
>> to set the IMAP $servers['advanced'] array from imp/hooks.local.php.
>>
>> So I am unable to set up the proper IMAP server when trying to
>> authenticate with IMP...
>>
>> Can anyone give me the answer to one of these questions when
>> authenticating Horde with IMP?
>>
>> 1. How can I access the unauthenticated username/password in
>> imp/backends.local.php?
>>
>> OR
>>
>> 2. How can I access the $servers['advanced'] array in
>> imp/hooks.local.php
>>
>> OR
>>
>> 3. Am I going about this completely wrong and there is a better way to
>> set the IMP IMAP backend hostname when authenticating with IMP?
>>
>> Thank you for any help.
>>
>> --
>> Andy Dorman
>
> See the preauthenticate hook example in imp/config/hooks.php.dist. You
> need a separate $servers entry for each IMAP server, and can then set
> the server *name* (not the server *host*) in the hook.
>

Thanks Jan.  I am familiar with the preauthenticate hook, but I did not 
understand how to use it properly...heh, I am not sure I understand now.

Let me see if I understand you correctly. For a cluster of IMAP servers 
where we need to designate one for a user upon authentication...

1. Define ALL our possible IMAP servers in imp/backends.local.php with 
something like this:

// disable the default
$servers['imap']['disabled'] = true;

// enable all the potential IMAP servers
$serverNames = array('imap-a', 'imap-b', 'imap-c');
foreach($serverNames as $name) {
   $servers[$name] = array(
       'disabled' => false,
       'name' => 'server_' . $name,
       'hostspec' => $name . '.mydomain.com',
       'hordeauth' => 'full',
       // a bunch of other advanced options...
   );
}

2. Use the preauthenticate hook to grab and set the correct IMAP server 
*name* (the $name array key from backends.local.php above) in 
$credentials['server'] like this:

public function preauthenticate($userId, $credentials)
{
    if ($userId && $credentials['authMethod'] == 'authenticate') {
        // fetch $serverName from the $userId LDAP record

        // $serverName should correspond to the array key $name in
        // $servers[$name] from backends.local.php
        $credentials['server'] = $serverName;

        return array(
            'credentials' => $credentials,
            'userId' => $userId
        );
    }
} // end preauthenticate hook




-- 
Andy Dorman
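
Added example (not part of the original post and not Horde's own code): one way to fill in the LDAP lookup that step 2 leaves as a comment. Because the hook runs before the user is authenticated, it escapes the username in the LDAP filter and only accepts a backend key that is defined in backends.local.php. The LDAP URI, base DN, the `uid` and `mailHost` attributes, the anonymous bind and the meaning of the boolean returns are assumptions; check the last against imp/config/hooks.php.dist.

```php
<?php
// Added example, not Horde's or the poster's code. Assumed names: the LDAP
// URI, base DN, 'uid' and 'mailHost' attributes, and anonymous bind.
const BACKEND_KEYS = array('imap-a', 'imap-b', 'imap-c'); // $servers keys in backends.local.php

/** Map an LDAP host value to a configured backend key, or null if unknown. */
function backendKeyForHost($mailHost)
{
    // 'IMAP-B.mydomain.com' -> 'imap-b'; anything not in the list is rejected.
    $key = strtok(strtolower(trim((string) $mailHost)), '.');
    return in_array($key, BACKEND_KEYS, true) ? $key : null;
}

/** Fetch the user's mail host from LDAP; null on any failure or ambiguity. */
function ldapMailHost($userId)
{
    $ldap = ldap_connect('ldaps://ldap.example.com');
    if (!$ldap) { return null; }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    $host = null;
    if (@ldap_bind($ldap)) {
        // $userId is unauthenticated input here: escape it for filter context.
        $filter = '(uid=' . ldap_escape($userId, '', LDAP_ESCAPE_FILTER) . ')';
        $res = @ldap_search($ldap, 'ou=people,dc=example,dc=com', $filter, array('mailHost'));
        $entries = $res ? ldap_get_entries($ldap, $res) : array('count' => 0);
        // Require exactly one match; ldap_get_entries() lowercases attribute names.
        if ($entries['count'] === 1 && !empty($entries[0]['mailhost'][0])) {
            $host = $entries[0]['mailhost'][0];
        }
    }
    ldap_unbind($ldap);
    return $host;
}

class IMP_Hooks
{
    public function preauthenticate($userId, $credentials)
    {
        if (!$userId || $credentials['authMethod'] != 'authenticate') {
            return true; // assumed: boolean true lets the login proceed unchanged
        }
        $key = backendKeyForHost(ldapMailHost($userId));
        if ($key === null) {
            return false; // assumed: boolean false refuses the login (fail closed)
        }
        $credentials['server'] = $key;
        return array('credentials' => $credentials, 'userId' => $userId);
    }
}
```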


