[horde] Authentication guidance required.

Jens Wahnes wahnes at uni-koeln.de
Thu Jul 30 08:44:54 UTC 2015


On Tue, Jul 28 2015, at 11:59:09 +0530, ANANT S ATHAVALE wrote:

>> On Sat, Jul 18 2015, at 18:48:54 +0530, ANANT S ATHAVALE wrote:
>>
>>> I also have an attribute attached with every user ldap entry, namely
>>> staffnumber and I need to give users to login using their staffnumber,
>>> but, it should display their original mailbox (uid).
>>
>>> Can this requirement be met with existing Horde application?

>> Yes, it can be done through one or more hooks.  If I understand your
>> requirements correctly, using just the preauthenticate hook will
>> probably suffice.

> Thanks. It worked.  Please see the preauthenticate hook.  Please
> suggest, if it can be still improved.

One thing to consider in your code is whether you are going to want to
use "plain" PHP functions for LDAP access or if you're better off using
Horde's LDAP functions.  The latter would enable you to keep the LDAP
config to Horde's config file, which is always a good idea.  Otherwise,
you'll have to remember to change things in two places, e.g. if there
is a new hostname for the LDAP service.

Also, your code could use some more error handling, e.g.
try-catch-blocks in case something goes wrong.  For example, you might
want to display a message on the login screen in case the LDAP server
could not be queried:

$GLOBALS['notification']->push(_("Error in process of password verification, please try again later"), "horde.warning");

Probably, you'll want to add a note to the logfile in that case as
well.  If a user complains that they could not log in, then you can
find out why later:

Horde::log("Could not query LDAP server when trying to look up info for $userId", "ERR");
          
It might even be a good idea to directly return false in case the LDAP
server was unavailable.


Jens
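
The error handling suggested in the message above, as an added example that is not the original poster's hook or code from the Horde project: a preauthenticate hook that maps a staff number to a uid with plain PHP LDAP functions and refuses the login when the directory cannot be queried. The LDAP host, base DN, anonymous bind, helper name and the array/true return values of the hook are assumptions; it needs PHP's ldap extension and runs inside Horde.

```php
<?php
// Added example, not the original poster's hook. 'staffnumber', 'uid' and the
// two Horde calls come from the thread; host, base DN and names are assumed.

/** Returns the uid for a staff number, null if none; throws on LDAP failure. */
function staffnumber_to_uid($staffNumber)
{
    $conn = ldap_connect('ldap://ldap.example.org');      // placeholder host
    if ($conn === false) {
        throw new RuntimeException('invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);  // do not hang the login
    if (!@ldap_bind($conn)) {                             // anonymous bind
        throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }
    // Escape the typed value so it cannot change the meaning of the filter.
    $filter = '(staffnumber=' . ldap_escape($staffNumber, '', LDAP_ESCAPE_FILTER) . ')';
    $res = @ldap_search($conn, 'ou=people,dc=example,dc=org', $filter, array('uid'));
    if ($res === false) {
        throw new RuntimeException('search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $res);
    if ($entries['count'] > 1) {
        throw new RuntimeException('staff number matches more than one entry');
    }
    return isset($entries[0]['uid'][0]) ? $entries[0]['uid'][0] : null;
}

class Horde_Hooks
{
    public function preauthenticate($userId, $credentials)
    {
        try {
            $uid = staffnumber_to_uid($userId);
        } catch (Exception $e) {
            // Fail closed: tell the user, record the cause, refuse the login.
            $GLOBALS['notification']->push(_("Error in process of password verification, please try again later"), 'horde.warning');
            $who = preg_replace('/[^\x20-\x7e]/', '?', $userId);  // keep log lines intact
            Horde::log("Could not query LDAP server when trying to look up info for $who: " . $e->getMessage(), 'ERR');
            return false;
        }
        if ($uid === null) {
            return true;  // no such staff number: continue with the name as typed
        }
        return array('userId' => $uid, 'credentials' => $credentials);
    }
}
```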

