[imp] Limit ldap user lists based on group membership.
Jan Schneider
jan at horde.org
Thu Apr 15 07:44:10 UTC 2010
Zitat von steen at ing-steen.se:
>> Zitat von steen at ing-steen.se:
>>
>> >
>> > Hello Folks!
>> >
>> > How do I limit user list based on a the ldap group of the administrator
>> > logged in (all is posix users and groups + shadow account) ?
>> >
>> > In my case ldap group is same as the logged in users mail domain.
>> > I have been looking around in the code, admin/user.php uses
> $users =
>> > $auth->listUsers(); for listing users.
>> >
>> > Or.. maby Horde was not designed for more advanced user administration
>> > tasks..
>>
>> No, it's not indeed. You can try to work around this by adding some
>> PHP code to horde/config/conf.php. You can change the filters in the
>> auth configuration dynamically, based on the current user. If your
>> user names are full DNs, you can simply extract the group from
>> Auth::getAuth(). Otherwise you'd have to do a separate LDAP lookup.
>
> I tried to add some PHP code in horde/config/conf.php which set $conf
> ['auth']['params']['filter'] so it sorts our users by group fails with
> Auth::getAuth(), It seems like conf.php is read in before I have the user
> logged in, only I could get hold of logged in user at this stage it would
> work, Faking a user by setting it static in conf.php additional code makes
> it work for that user.
>
> Then trying use set _horde_hook_preauthenticate almost works, now
> Auth::getAuth()is populated correctly and $GLOBALS
> ['conf']['auth']['params']['filter'] is also set, BUT the value seems to
> get lost, because if I print it out in the lib/Horde/Auth/ldap.php
> listUsers() function (echo 'filter ' . $filter;) the old filter value get
> back again.
>
> I got the feeling that it is something with GLOBALS preventing me to set a
> proper value to filter, how do I confinue ?
The configuration is cached in the session. Try a:
$GLOBALS['registry']->clearCache();
before changing the configuration parameter.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the imp
mailing list