[horde] Horde with LDAP auth and e-mail as IMAP username
Ivajlo Karabojkov
ivo at tugab.bg
Tue Aug 10 17:42:27 UTC 2021
To make LDAP more independent and portable I use a separate branch for
each domain, e.g.
"ou=people,dc=domain1.com,dc=domains,dc=maindomain,dc=com" and
"ou=people,dc=domain2.eu,dc=domains,dc=maindomain,dc=com". But using the
e-mail as Horde username doesn't bother me. I'm not sure what this can
break in the future. Now I'm struggling with the Horde passwd and I
can't make it find the given user. It uses an invalid filter despite the
one specified in passwd/config/backends.php, and slapd logs:
op=5 SRCH
base="uid=user2,ou=people,dc=domain1.com,dc=domains,dc=maindomain,dc=com"
scope=0 deref=0 filter="(objectClass=*)"
slapd[]: conn=1756 op=5 SEARCH RESULT tag=101 err=32 nentries=0 text=
I'm not sure if this is caused by the username uid / mail mixture.
On 10.08.2021 at 10:11, Jan Schneider wrote:
> If you use a single database for all domains, you need to have the
> domain part in the Horde user names anyway, to avoid name clashes.
>
> Quoting Ivajlo Karabojkov <ivo at tugab.bg>:
>
>> I just forgot to mention that I've managed to authenticate IMP by
>> using its backends.php - 'hordeauth' => 'full', but in this case
>> IMP's preauthenticate hook seems not to be working. I've used Horde's
>> authusername hook where the domain part is added to the username.
>> I'm afraid that now Horde believes that the username is actually the
>> e-mail address, but my LDAP uses only the UID attribute. I can strip
>> the '@domain.com' for the Horde passwd but I'm not sure what else may
>> go wrong.
>>
>> On 06.08.2021 at 10:30, Ivajlo Karabojkov wrote:
>>> Thank you very much! That worked, but with some strange behavior -
>>> when the user clicks on "Mail" the login screen shows up. If the
>>> ordinary username (without the domain) and the password are provided
>>> everything works.
>>> Can I suppress the secondary login, as the username and the password
>>> are already supplied?
>>>
>>> Here is my IMP preauthenticate hook:
>>>
>>>     public function preauthenticate($userId, $credentials)
>>>     {
>>>         switch ($credentials['authMethod']) {
>>>         case 'admin':
>>>             return true;
>>>
>>>         case 'authenticate':
>>>             // Example #1: Append the virtual domain to the username.
>>>             // ex. $HTTP_HOST = 'mail.mydomain.com', $userId = 'myname'
>>>             // returns: 'myname@mydomain.com'
>>>             $vdomain = 'my.domain.com';
>>>             return array(
>>>                 'credentials' => $credentials,
>>>                 'userId' => $userId . '@' . $vdomain
>>>             );
>>>         }
>>>     }
>>>
>>>
>>>
>>> On 06.08.2021 at 00:31, Michael J Rubinsky wrote:
>>>>
>>>> Quoting Ivajlo Karabojkov <ivo at tugab.bg>:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm trying to set up a Horde with LDAP authentication and user
>>>>> management.
>>>>> Each mail domain should have its own Horde configuration and users
>>>>> log in with their username (cn). But the IMAP server works in
>>>>> "virtual users" mode and expects as a username the e-mail
>>>>> address, consisting of the username (cn)+"@"+domain.com.
>>>>> Is it possible to configure IMP to send the whole e-mail address
>>>>> as a username to the IMAP server without asking users to enter it
>>>>> as username?
>>>>
>>>> Sounds like you want IMP's preauthenticate hook. See
>>>> imp/config/hooks.php.dist
>>>>
>>>>
>>>>
>>>>
>>>>> Best regards,
>>>>> Ivo
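
As an added example (not from the thread and not Horde's own code), this PHP function maps an e-mail-style Horde username onto the per-domain branch layout described above, returning a search base and a uid filter, with the domain checked against an allowlist and both values escaped. ldapLookupFor(), the two constants and the sample logins are assumptions; ldap_escape() requires PHP's LDAP extension.

```php
<?php
// Added example, not Horde code. The DN layout and domains follow the thread;
// ldapLookupFor(), HOSTED_DOMAINS and BRANCH_SUFFIX are hypothetical names.
const HOSTED_DOMAINS = ['domain1.com', 'domain2.eu'];
const BRANCH_SUFFIX  = 'dc=domains,dc=maindomain,dc=com';

/**
 * Map a login such as "user2@domain1.com" to the search base and filter
 * for that domain's branch.
 *
 * @throws InvalidArgumentException on a malformed address or unknown domain.
 */
function ldapLookupFor(string $login): array
{
    // Split on the last "@" so exactly one domain part is taken.
    $at = strrpos($login, '@');
    if ($at === false || $at === 0 || $at === strlen($login) - 1) {
        throw new InvalidArgumentException('login must be uid@domain');
    }
    $uid    = substr($login, 0, $at);
    $domain = strtolower(substr($login, $at + 1));

    // Only hosted domains may select a branch; anything else is rejected
    // rather than interpolated into a DN.
    if (!in_array($domain, HOSTED_DOMAINS, true)) {
        throw new InvalidArgumentException('unknown mail domain');
    }

    return [
        // DN context (RFC 4514): escaped even though the value is allowlisted.
        'base'   => 'ou=people,dc=' . ldap_escape($domain, '', LDAP_ESCAPE_DN)
                    . ',' . BRANCH_SUFFIX,
        // Filter context (RFC 4515): "*", "(", ")" and "\" become \XX.
        'filter' => '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')',
    ];
}

// Constructed sample logins: valid, filter metacharacters, unhosted domain.
foreach (['user2@domain1.com', 'j*(doe)@domain2.eu', 'user2@other.example'] as $login) {
    try {
        $q = ldapLookupFor($login);
        printf("%s\n  base:   %s\n  filter: %s\n", $login, $q['base'], $q['filter']);
    } catch (InvalidArgumentException $e) {
        printf("%s\n  rejected: %s\n", $login, $e->getMessage());
    }
}
```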