[imp] Limit ldap user lists based on group membership.

steen at ing-steen.se steen at ing-steen.se
Wed Apr 14 22:23:24 UTC 2010


> Message: 3
> Date: Tue, 13 Apr 2010 11:20:00 +0200
> From: Jan Schneider <jan at horde.org>
> To: imp at lists.horde.org
> Subject: Re: [imp] Limit ldap user lists based on group membership.
> Message-ID: <20100413112000.12144h8i0m4g9lxc at neo.wg.de>
> Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes";
>    format="flowed"
>
> Zitat von steen at ing-steen.se:
>
> >
> > Hello Folks!
> >
> > How do I limit user list based on a the ldap group of the administrator
> > logged in (all is posix users and groups + shadow account) ?
> >
> >       In my case ldap group is same as the logged in users mail domain.
> >       I have been looking around in the code, admin/user.php uses
$users =
> > $auth->listUsers(); for listing users.
> >
> > Or.. maby Horde was not designed for more advanced user administration
> > tasks..
>
> No, it's not indeed. You can try to work around this by adding some
> PHP code to horde/config/conf.php. You can change the filters in the
> auth configuration dynamically, based on the current user. If your
> user names are full DNs, you can simply extract the group from
> Auth::getAuth(). Otherwise you'd have to do a separate LDAP lookup.
>
> Jan.
>
> --
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
>
>
>
> ------------------------------
>
>
> --
> IMP mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>
> End of imp Digest, Vol 2566, Issue 1
> ************************************
>
>
> McAfee check.

Hello Jan!

I tried to add some PHP code in horde/config/conf.php which set $conf
['auth']['params']['filter'] so it sorts our users by group fails with
Auth::getAuth(), It seems like conf.php is read in before I have the user
logged in, only I could get hold of logged in user at this stage it would
work, Faking a user by setting it static in conf.php additional code makes
it work for that user.

Then  trying use set _horde_hook_preauthenticate almost works, now
Auth::getAuth()is populated correctly and $GLOBALS
['conf']['auth']['params']['filter'] is also set, BUT the value seems to
get lost, because if I print it out in the lib/Horde/Auth/ldap.php
listUsers() function (echo 'filter ' . $filter;) the old filter value get
back again.

I got the feeling that it is something with GLOBALS preventing me to set a
proper value to filter, how do I confinue ?

Regards //
               //  Peter Steen




McAfee check.


More information about the imp mailing list