[horde] Shared LDAP address book for certain users only
Michael J Rubinsky
mrubinsk at horde.org
Fri Nov 20 15:17:01 UTC 2015
Quoting Daniel Kraus <dk at doktorkraus.de>:
> I have an LDAP directory that I use as a shared address book in Turba.
> It works all right.
>
> Now I want to hide this address book from certain users, i.e. disable it
> for them/enable it for specific users only.
>
> Is this possible?
>
> I thought about using a hook to dynamically set the 'disabled' value in
> turba/config/backends.local.php, e.g.
>
> $cfgSources['shared_ldap']['disabled'] = MyCustomFunction();
>
> But that's about as far as I got...
>
> The information whether or not to enable this shared address book would
> come from the LDAP directory itself, e.g.
> "memberof=cn=CanSeeAddressBook,dc=example,dc=com".
>
> I appreciate your help.
>
> Daniel
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
The correct way to set permissions for an address book source that
doesn't use shares is via Horde's permissions system
(Administration->Permissions). If you want this to be done dynamically
based on some value in the directory, you will probably need to use a
appauthenticated hook in turba to check this value and add the
permissions to the permissions system if it's not already set
correctly since I don't think we currently have any hooks into just
checking the permissions system.
The problem with setting the $cfgSources value from an actual horde
hook is that the various app and auth hooks are only called once per
session, but the cfgsources data may be loaded more than once.
The problem with using a closure to do this directly in
backends.local.php (as in your example) is that you would not be
guaranteed that the application is fully initialized and/or
authenticated when the file is loaded and parsed so you wouldn't be
able to reliably use Turba specific code/data in your function - not
to mention it would run *every* time turba is accessed.
--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5751 bytes
Desc: S/MIME Signature
URL: <http://lists.horde.org/archives/horde/attachments/20151120/428328a6/attachment.bin>
More information about the horde
mailing list