[horde] Shared LDAP address book for certain users only

Michael J Rubinsky mrubinsk at horde.org
Fri Nov 20 15:17:01 UTC 2015


Quoting Daniel Kraus <dk at doktorkraus.de>:

> I have an LDAP directory that I use as a shared address book in Turba.
> It works all right.
>
> Now I want to hide this address book from certain users, i.e. disable it
> for them/enable it for specific users only.
>
> Is this possible?
>
> I thought about using a hook to dynamically set the 'disabled' value in
> turba/config/backends.local.php, e.g.
>
> 	$cfgSources['shared_ldap']['disabled'] = MyCustomFunction();
>
> But that's about as far as I got...
>
> The information whether or not to enable this shared address book would
> come from the LDAP directory itself, e.g.
> "memberof=cn=CanSeeAddressBook,dc=example,dc=com".
>
> I appreciate your help.
>
> Daniel
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

The correct way to set permissions for an address book source that  
doesn't use shares is via Horde's permissions system  
(Administration->Permissions). If you want this to be done dynamically  
based on some value in the directory, you will probably need to use a  
appauthenticated hook in turba to check this value and add the  
permissions to the permissions system if it's not already set  
correctly since I don't think we currently have any hooks into just  
checking the permissions system.

The problem with setting the $cfgSources value from an actual horde  
hook is that the various app and auth hooks are only called once per  
session, but the cfgsources data may be loaded more than once.

The problem with using a closure to do this directly in  
backends.local.php (as in your example) is that you would not be  
guaranteed that the application is fully initialized and/or  
authenticated when the file is loaded and parsed so you wouldn't be  
able to reliably use Turba specific code/data in your function - not  
to mention it would run *every* time turba is accessed.

-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5751 bytes
Desc: S/MIME Signature
URL: <http://lists.horde.org/archives/horde/attachments/20151120/428328a6/attachment.bin>


More information about the horde mailing list