[horde] Virtualhost context for hooks
Jan Schneider
jan at horde.org
Mon Jan 22 10:39:54 UTC 2018
Zitat von Nels Lindquist <nlindq at maei.ca>:
> Hi, Jan.
>
> On 2018/01/12 4:28 AM, Jan Schneider wrote:
>>
>> Zitat von Nels Lindquist <nlindq at maei.ca>:
>>
>>> Hi, Jan.
>>>
>>> On 2018/01/09 2:09 PM, Jan Schneider wrote:
>>>>
>>>> Zitat von Nels Lindquist <nlindq at maei.ca>:
>>>>
>>>>> Hi there.
>>>>>
>>>>> I'm using a preauthenticate hook to normalize login IDs
>>>>> against an LDAP server. In each virtualhost configuration
>>>>> file I've defined different LDAP search bases, but my hook
>>>>> functions appear to be using the root Horde search base
>>>>> rather than the virtualhost's overridden configuration.
>>>>>
>>>>> I'm referincing "global $conf" within my hook functions in
>>>>> order to access $conf['auth']['params']['basedn']; should I
>>>>> be incorporating something else to get the virtualhost
>>>>> overrides?
>>>>
>>>> No. But you didnt explain how exactly your setup looks like.
>>>> And how about vhost-specific settings used anywhere else than
>>>> hooks.php.
>>>
>>> I have Horde Groupware Webmail Edition 5.2.22 installed. IMP is
>>> configured to connect to Cyrus IMAPD on the local host.
>>> Authentication is through LDAP, using OpenLDAP as the backend.
>>>
>>> I'm using vhost-specific settings to define a different
>>> database, administrator ID, cache prfix and authentication base
>>> DN for each domain, as well as default mail domain (for imp) and
>>> different LDAP base DNs for each vhost's turba shared directory.
>>>
>>> Note that I'm using a common hooks.php file for all virtual
>>> domains since it's the same function performing the normalization
>>> regardless. Should there be vhost-specific hooks-*.php files as
>>> well?
>>
>> No, you should indeed have a single hooks.php file only, and make
>> any necessary vhost distinctions inside your hook code.
>
> Okay; sounds like I'm "doing it right".
>
> I assumed the vhost distinctions would come in through the global
> $conf depending on which virtualhost is calling the hook.
>
> Thinking about it more, the problem may not be with my hook, which I'm
> using to canonicalize userids into lower-case e-mail addresses. If
> the user enters a bare username, it uses the vhost-specific LDAP
> configuration to perform a lookup and retrieve the associated mail
> attribute, which it returns as the replacement userId.
>
> The problem arises when someone uses an e-mail address for the userid
> which isn't part of the current vhost domain; my hook does some sanity
> checking for the userid format and if it's a valid e-mail address, it
> returns true so the userId is unmodified. However, if the e-mail
> address is part of another vhost then the authentication will still
> work, implying that authentication is happening in the base context
> rather than a vhost context.
>
> I should probably verify that an entered e-mail address is part of the
> current vhost context; I'm assuming I could pull in the virtual
> hostname from the global $vhost variable, since it's not explicitly
> defined in any of the conf*.php files?
No, it's taken from $_SERVER['SERVER_NAME'].
--
Jan Schneider
The Horde Project
https://www.horde.org/
More information about the horde
mailing list