[horde] Shared LDAP address book for certain users only

Daniel Kraus dk at doktorkraus.de
Fri Nov 20 16:05:04 UTC 2015


On Fri Nov 20 2015 16:17:01 GMT+0100 (CET), Michael J Rubinsky
<mrubinsk at horde.org> wrote:

> 
> Quoting Daniel Kraus <dk at doktorkraus.de>:
> 
>> I have an LDAP directory that I use as a shared address book in Turba.
>> It works all right.
>>
>> Now I want to hide this address book from certain users, i.e. disable it
>> for them/enable it for specific users only.
>>
>> Is this possible?
>>
>> I thought about using a hook to dynamically set the 'disabled' value in
>> turba/config/backends.local.php, e.g.
>>
>>     $cfgSources['shared_ldap']['disabled'] = MyCustomFunction();
>>
>> But that's about as far as I got...
>>
>> The information whether or not to enable this shared address book would
>> come from the LDAP directory itself, e.g.
>> "memberof=cn=CanSeeAddressBook,dc=example,dc=com".
>>
>> I appreciate your help.
>>
>> Daniel
> 
> The correct way to set permissions for an address book source that
> doesn't use shares is via Horde's permissions system
> (Administration->Permissions). If you want this to be done dynamically
> based on some value in the directory, you will probably need to use an
> appauthenticated hook in turba to check this value and add the
> permissions to the permissions system if it's not already set correctly
> since I don't think we currently have any hooks into just checking the
> permissions system.
> 
> The problem with setting the $cfgSources value from an actual horde hook
> is that the various app and auth hooks are only called once per session,
> but the cfgsources data may be loaded more than once.
> 
> The problem with using a closure to do this directly in
> backends.local.php (as in your example) is that you would not be
> guaranteed that the application is fully initialized and/or
> authenticated when the file is loaded and parsed so you wouldn't be able
> to reliably use Turba-specific code/data in your function - not to
> mention it would run *every* time turba is accessed.
> 
> 

Thanks very much, the Permissions system fully satisfies my needs (had
totally ignored it before). I linked Horde's groups to the LDAP groups
subtree and go from there.

It's amazing how you can do pretty much everything with Horde.

Daniel



