[horde] Horde authentication with IMP in a load-balanced environment, works great!

Andy Dorman adorman at ironicdesign.com
Tue Mar 31 17:07:19 UTC 2015


On 03/31/2015 10:59 AM, Jan Schneider wrote:
>
> Zitat von Andy Dorman <adorman at ironicdesign.com>:
>
>> On 03/31/2015 03:09 AM, Jan Schneider wrote:
>>>
>>> Zitat von Andy Dorman <adorman at ironicdesign.com>:
>>>
>>>> Hi all, we are having difficulty working around our unique setup to
>>>> authenticate with IMP and I wonder if one of the developers could
>>>> point us in the right direction to fix this.  My apologies in advance,
>>>> I am NOT an experienced PHP programmer and am a bit hazy on variable
>>>> scopes and I believe that is a BIG part of my problem below.
>>>>
>>>> We are running the Latest Debian, Cyrus IMAP, and Horde 5.2.1 and Imp
>>>> 6.2.2 with LDAP for user credentials.  We are currently authenticating
>>>> using Horde and LDAP, but we would like the opening app to be IMP and
>>>> to do that we need to authenticate with IMP.
>>>>
>>>> The tricky part happens because we have a load balanced cluster of web
>>>> servers, each server supporting a block of our IMAP accounts.  So I
>>>> might log into web server A and my IMAP is on server B.  So we have to
>>>> make sure the IMAP hostname is set correctly in order to fetch mail.
>>>>
>>>> When we are using Horde auth with LDAP this is easily handled in
>>>> imp/backends.local.php.  Just grab the auth credentials, do a quick
>>>> LDAP query to get the IMAP server name and then set up the advanced
>>>> IMAP server hostname in $servers['advanced']['hostspec']
>>>>
>>>> However, if I switch Horde to authenticate using IMP, then
>>>> imp/backends.local.php does NOT have the authenticated username &
>>>> credentials, so it can't query LDAP to get the hostname.
>>>>
>>>> I thought I could get around this by using imp/hooks.local.php
>>>> preauthenticate (since it DOES have access to the un-authenticated
>>>> username and credentials and I was able to use that to query LDAP to
>>>> set $credentials['server']), BUT I have been unable to figure out how
>>>> to set the IMAP $servers['advanced'] array from imp/hooks.local.php.
>>>>
>>>> So I am unable to set up the proper IMAP server when trying to
>>>> authenticate with IMP...
>>>>
>>>> Can anyone give me the answer to one of these questions when
>>>> authenticating Horde with IMP?
>>>>
>>>> 1. How can I access the unauthenticated username/password in
>>>> imp/backends.local.php?
>>>>
>>>> OR
>>>>
>>>> 2. How can I access the $servers['advanced'] array in
>>>> imp/hooks.local.php
>>>>
>>>> OR
>>>>
>>>> 3. Am I going about this completely wrong and there is a better way to
>>>> set the IMP IMAP backend hostname when authenticating with IMP?
>>>>
>>>> Thank you for any help.
>>>>
>>>> --
>>>> Andy Dorman
>>>>
>>>> --
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>
>>> See the preauthenticate hook example in imp/config/hooks.php.dist. You
>>> need a separate $servers entry for each IMAP server, and can then set
>>> the server *name* (not the server *host*) in the hook.
>>>
>>
>> Thanks Jan.  I am familiar with the preauthenticate hook, but I did
>> not understand how to use it properly...heh, I am not sure I
>> understand now.
>>
>> Let me see if I understand you correctly. For a cluster of IMAP
>> servers where we need to designate one for a user upon authentication...
>>
>> 1. Define ALL our possible IMAP servers in imp/backends.local.php with
>> something like this:
>>
>> // disable the default
>> $servers['imap']['disabled'] = true;
>>
>> // enable all the potential IMAP servers
>> $serverNames = array('imap-a', 'imap-b', 'imap-c');
>> foreach($serverNames as $name) {
>>   $servers[$name] = array(
>>       'disabled' => false,
>>       'name' => 'server_' . $name,
>>       'hostspec' => $name . '.mydomain.com',
>>       'hordeauth' => 'full',
>>       // a bunch of other advanced options...
>>   );
>> }
>>
>> 2. Use the preauthenticate hook to grab and set the correct IMAP
>> server *name* (the $name array key from backends.local.php above) in
>> $credentials['server'] like this:
>>
>> public function preauthenticate($userId, $credentials)
>> {
>>   if ($userId && $credentials['authMethod'] == 'authenticate') {
>>
>> // fetch $serverName from the $userId LDAP record
>>
>> // $serverName should correspond to the array key $name in
>> // $servers[$name] from backends.local.php
>>
>>     $credentials['server'] = $serverName;
>>
>>     return array(
>>       'credentials' => $credentials,
>>       'userId' => $userId
>>     );
>>
>>   }
>> } // end preauthenticate hook
>>
>>
>>
>>
>> --
>> Andy Dorman
>
> Yes.
>

Thanks again Jan.  It works beautifully.

-- 
Andy Dorman
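
The hook outlined in the thread, written out as an added example (not code from the thread or from Horde) with the LDAP lookup filled in. The lookup runs before authentication, so the username is escaped before it enters the filter and the returned backend key is checked against the keys defined in imp/backends.local.php. Assumptions: the LDAP URI, base DN, anonymous bind and the `mailHost` attribute holding the backend key are placeholders, `ldap_escape()` needs PHP 5.6 or later, and the boolean return values are assumed to mean "proceed unchanged" (true) and "refuse" (false).

```php
<?php
// Added example for imp/config/hooks.local.php (not code from the thread).
// Placeholders/assumptions: LDAP URI, base DN, anonymous bind, 'mailHost' attribute.
class IMP_Hooks
{
    // Must mirror the $servers keys defined in imp/backends.local.php.
    private $backendKeys = array('imap-a', 'imap-b', 'imap-c');

    public function preauthenticate($userId, $credentials)
    {
        if (!$userId || $credentials['authMethod'] != 'authenticate') {
            return true; // assumed: true lets IMP continue with unchanged credentials
        }
        $key = $this->lookupBackendKey($userId);
        // Fail closed: accept only a key that exists in backends.local.php.
        if ($key === null || !in_array($key, $this->backendKeys, true)) {
            return false; // assumed: false refuses the login
        }
        $credentials['server'] = $key;
        return array('credentials' => $credentials, 'userId' => $userId);
    }

    private function lookupBackendKey($userId)
    {
        $ldap = ldap_connect('ldap://ldap.example.invalid');
        if (!$ldap) {
            return null;
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        if (!@ldap_bind($ldap)) {
            return null;
        }
        // $userId is untrusted here (the user has not authenticated yet),
        // so escape it before building the search filter.
        $filter = '(uid=' . ldap_escape($userId, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($ldap, 'ou=people,dc=example,dc=invalid', $filter, array('mailHost'));
        $entries = $result ? ldap_get_entries($ldap, $result) : false;
        ldap_unbind($ldap);
        // Require exactly one entry; ldap_get_entries() lowercases attribute names.
        if (!$entries || $entries['count'] !== 1 || empty($entries[0]['mailhost'][0])) {
            return null;
        }
        return $entries[0]['mailhost'][0];
    }
}
```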
