[horde] Horde with LDAP auth and e-mail as IMAP username

Jan Schneider jan at horde.org
Tue Aug 10 07:11:07 UTC 2021 

If you use a single database for all domains, you need to have the  
domain part in the Horde user names anyway, to avoid name clashes.

Zitat von Ivajlo Karabojkov <ivo at tugab.bg>:

> I just forgot to mention that I've managed to authenticate IMP by  
> using its backends.php - 'hordeauth' => 'full', but in this case  
> IMP's preauthenticate hook seems not working. I've used Horde's  
> authusername hook where the domain part is added to the username.
> I'm afraid that now Horde believes that the username is actually the  
> e-mail address, but my LDAP uses only the UID attribute. I can strip  
> the '@domain.com' for the Horde passwd but I'm not sure what else  
> may go wrong.
>
> On 06.08.2021 10:30 ч., Ivajlo Karabojkov wrote:
>> Thank you very much! That worked, but with some strange behavior -  
>> when the user clicks to "Mail" the login screen shows up. If the  
>> ordinary username (without the domain) and the password is provided  
>> everything works.
>> Can I suppress the secondary login, as the username and the  
>> password is already supplied?
>>
>> Here is my IMP preauthenticate hook:
>>
>>      public function preauthenticate($userId, $credentials)
>>      {
>>          switch ($credentials['authMethod']) {
>>          case 'admin':
>>              return true;
>>
>>          case 'authenticate':
>>             // Example #1: Append the virtual domain to the username.
>>             // ex. $HTTP_HOST = 'mail.mydomain.com', $userId =  
>> 'myname' returns:
>>             // 'myname at mydomain.com'
>>             $vdomain = 'my.domain.com';
>>             return array (
>>                 'credentials' => $credentials,
>>                 'userId' => $userId . '@' . $vdomain
>>             );
>>         }
>>      }
>>
>>
>>
>> On 06.08.2021 00:31 ч., Michael J Rubinsky wrote:
>>>
>>> Quoting Ivajlo Karabojkov <ivo at tugab.bg>:
>>>
>>>> Hi,
>>>>
>>>> I'm trying to set up a Horde with LDAP authentication and user management.
>>>> Each mail domain should have its own horde configuration and  
>>>> users log in with their username (cn). But the IMAP server works  
>>>> in "virtual users" mode and expects as an username the e-mail  
>>>> address, consisting the username (cn)+"@"+domain.com.
>>>> Is it possible to configure IMP to send the whole e-mail address  
>>>> as an username to the IMAP server without asking users to enter  
>>>> it as username?
>>>
>>> Sounds like you want IMP's preauthenticate hook. See  
>>> imp/config/hooks.php.dist
>>>
>>>
>>>
>>>
>>>> Best regards,
>>>> Ivo
>>>> -- 
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>
>>>
>>>
>>>
>>



-- 
Jan Schneider
The Horde Project
https://www.horde.org/

More information about the horde mailing list