[imp] IMP using LDAP backend for authentication and preferences

Judson Bishop judson.bishop at eamc.org
Thu Feb 3 06:32:49 PST 2005


Not sure how you have it set up.  I have sent most of this before,
but here is more of my configuration.  My backend is
postfix/cyrus/openldap.


I uncommented the cyrus stuff in 
/var/www/html/horde/imp/config/servers.php

My cyrus set up authenticates to openldap.

Then, as I said before I set it up this way:

/var/www/html/horde/config/conf.php
//Single sign on
$conf['auth']['admins'] = array('Administrator', '09049', 'Manager');
$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['auth']['checkip'] = true;


/var/www/html/horde/config/prefs.php
// what application should we go to after login?
$_prefs['initial_application'] = array(
    'value' => 'imp',
    'locked' => false,
    'shared' => true,
    'type' => 'select',
    'desc' => sprintf(_("What application should %s display after login?"), $GLOBALS['registry']->get('name'))
);

This gives me my automagically generated mail folders.  Everything here
is automated for 2,500 users, when they are hired they are given an
email address through LDAP and when they are fired they are deleted.

Jud Bishop

 
On Wed, 2005-02-02 at 23:16 -0700, Craig White wrote:
> On Tue, 2005-02-01 at 14:02 -0600, Aleksandar Milivojevic wrote:
> > Is it possible to use current user's username/password when storing 
> > preferences into LDAP database?
> > 
> > Currently, it seems that rootdn and password are mandatory fields when 
> > using LDAP preferences driver (they are not marked as required on the 
> > config page, but if left empty, horde fails to run with error message 
> > stating that they are required).
> > 
> > I'd expect if I was using same LDAP database for both auth and 
> > preferences, and if rootdn and password are empty, then user's 
> > credentials would be used for writing to the LDAP database (which is 
> > kind of more secure than allowing single user full access and storing 
> > that user's password in conf file on the disk).
> > 
> ----
> I'm watching this with some interest here as I found the same thing with
> HEAD...if I leave rootdn & rootdn password empty for what I assumed to
> be an anonymous bind, it fails.
> 
> Also - and this has to be because it's not patently obvious to me, I
> would love NOT having to log in once for horde (via LDAP) and then again
> for mail (IMAP).  My initial thought was to grep ldap imp/config/* but
> that returned as much the notion in my head to make it work as a single
> log in.
> 
> Other fish to fry tonight though.
> 
> Keep me posted - I have no problems following in any wake  ;-)
> 
> Craig
> 


