[horde] Horde authentication with IMP in a load-balanced environment

Jan Schneider jan at horde.org
Tue Mar 31 15:59:22 UTC 2015


Quoting Andy Dorman <adorman at ironicdesign.com>:

> On 03/31/2015 03:09 AM, Jan Schneider wrote:
>>
>> Quoting Andy Dorman <adorman at ironicdesign.com>:
>>
>>> Hi all, we are having difficulty working around our unique setup to
>>> authenticate with IMP and I wonder if one of the developers could
>>> point us in the right direction to fix this.  My apologies in advance,
>>> I am NOT an experienced PHP programmer and am a bit hazy on variable
>>> scopes and I believe that is a BIG part of my problem below.
>>>
>>> We are running the Latest Debian, Cyrus IMAP, and Horde 5.2.1 and Imp
>>> 6.2.2 with LDAP for user credentials.  We are currently authenticating
>>> using Horde and LDAP, but we would like the opening app to be IMP and
>>> to do that we need to authenticate with IMP.
>>>
>>> The tricky part happens because we have a load balanced cluster of web
>>> servers, each server supporting a block of our IMAP accounts.  So I
>>> might log into web server A and my IMAP is on server B.  So we have to
>>> make sure the IMAP hostname is set correctly in order to fetch mail.
>>>
>>> When we are using Horde auth with LDAP this is easily handled in
>>> imp/backends.local.php.  Just grab the auth credentials, do a quick
>>> LDAP query to get the IMAP server name and then set up the advanced
>>> IMAP server hostname in $servers['advanced']['hostspec']
>>>
>>> However, if I switch Horde to authenticate using IMP, then
>>> imp/backends.local.php does NOT have the authenticated username &
>>> credentials, so it can't query LDAP to get the hostname.
>>>
>>> I thought I could get around this by using imp/hooks.local.php
>>> preauthenticate (since it DOES have access to the un-authenticated
>>> username and credentials and I was able to use that to query LDAP to
>>> set $credentials['server']), BUT I have been unable to figure out how
>>> to set the IMAP $servers['advanced'] array from imp/hooks.local.php.
>>>
>>> So I am unable to set up the proper IMAP server when trying to
>>> authenticate with IMP...
>>>
>>> Can anyone give me the answer to one of these questions when
>>> authenticating Horde with IMP?
>>>
>>> 1. How can I access the unauthenticated username/password in
>>> imp/backends.local.php?
>>>
>>> OR
>>>
>>> 2. How can I access the $servers['advanced'] array in
>>> imp/hooks.local.php
>>>
>>> OR
>>>
>>> 3. Am I going about this completely wrong and there is a better way to
>>> set the IMP IMAP backend hostname when authenticating with IMP?
>>>
>>> Thank you for any help.
>>>
>>> --
>>> Andy Dorman
>>>
>>> --
>>> Horde mailing list
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>> See the preauthenticate hook example in imp/config/hooks.php.dist. You
>> need a separate $servers entry for each IMAP server, and can then set
>> the server *name* (not the server *host*) in the hook.
>>
>
> Thanks Jan.  I am familiar with the preauthenticate hook, but I did  
> not understand how to use it properly...heh, I am not sure I  
> understand now.
>
> Let me see if I understand you correctly. For a cluster of IMAP  
> servers where we need to designate one for a user upon  
> authentication...
>
> 1. Define ALL our possible IMAP servers in imp/backends.local.php  
> with something like this:
>
> // disable the default
> $servers['imap']['disabled'] = true;
>
> // enable all the potential IMAP servers
> $serverNames = array('imap-a', 'imap-b', 'imap-c');
> foreach($serverNames as $name) {
>   $servers[$name] = array(
>       'disabled' => false,
>       'name' => 'server_' . $name,
>       'hostspec' => $name . '.mydomain.com',
>       'hordeauth' => 'full',
>       // a bunch of other advanced options...
>   );
> }
>
> 2. Use the preauthenticate hook to grab and set the correct IMAP  
> server *name* (the $name array key from backends.local.php above) in  
> $credentials['server'] like this:
>
> public function preauthenticate($userId, $credentials)
> {
>   if ($userId && $credentials['authMethod'] == 'authenticate') {
>
>     // fetch $serverName from the $userId LDAP record
>
>     // $serverName should correspond to the array key $name in
>     // $servers[$name] from backends.local.php
>
>     $credentials['server'] = $serverName;
>
>     return array(
>       'credentials' => $credentials,
>       'userId' => $userId
>     );
>
>   }
> } // end preauthenticate hook
>
>
>
>
> -- 
> Andy Dorman
>

Yes.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject
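
The LDAP lookup that the hook in the quoted message leaves as a comment, as an added example (not code from this thread or from the Horde project). It runs before authentication, so the username is escaped for the LDAP filter and the returned value is checked against the configured $servers keys. Assumptions: the LDAP URI, base DN and the mailHost attribute are placeholders, ldap_escape() needs PHP 5.6 or later, and the meaning of the boolean return values should be checked against imp/config/hooks.php.dist.

```php
<?php
// Added example, not Horde's own code. Assumed names: ldap.example.com,
// ou=people,dc=example,dc=com, and a mailHost attribute holding a
// $servers key such as 'imap-a'.
class IMP_Hooks
{
    // Must match the array keys defined in imp/backends.local.php.
    private $_backends = array('imap-a', 'imap-b', 'imap-c');

    public function preauthenticate($userId, $credentials)
    {
        if (!$userId || $credentials['authMethod'] != 'authenticate') {
            return true; // assumption: true leaves other auth methods unchanged
        }
        $serverName = $this->_lookupBackend($userId);
        // Allowlist check: an LDAP value never selects an undefined backend.
        if (!in_array($serverName, $this->_backends, true)) {
            return false; // assumption: false makes IMP refuse the login
        }
        $credentials['server'] = $serverName;
        return array('credentials' => $credentials, 'userId' => $userId);
    }

    private function _lookupBackend($userId)
    {
        $ldap = ldap_connect('ldaps://ldap.example.com');
        if (!$ldap) {
            return null;
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        if (!@ldap_bind($ldap)) { // anonymous bind; use a read-only DN if required
            return null;
        }
        // $userId is unauthenticated input here: escape it for filter context.
        $filter = '(uid=' . ldap_escape($userId, '', LDAP_ESCAPE_FILTER) . ')';
        $res = @ldap_search($ldap, 'ou=people,dc=example,dc=com', $filter,
                            array('mailhost'), 0, 2);
        $entries = $res ? ldap_get_entries($ldap, $res) : array('count' => 0);
        ldap_unbind($ldap);
        // Require exactly one match so an ambiguous lookup fails closed.
        if ($entries['count'] !== 1 || empty($entries[0]['mailhost'][0])) {
            return null;
        }
        return $entries[0]['mailhost'][0];
    }
}
```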
