[kronolith] virtual domain sharing - dynamic auth params basedn ?
Edwin L. Culp
eculp at encontacto.net
Fri Jul 8 15:11:47 PDT 2005
Quoting Mark <xa87n at yahoo.com>:
>> > If this can also be done with groups and permissions, and someone
>> > wants to help push me the right way, that would be nice also. I've
>> > searched the lists and google, but haven't found out much except
>> > that it should be possible. It seems a bit messy to do it that way,
>
>> > I would have to make a group for each domain, then add users one by
>
>> > one via Admin gui/user..or most likely I'm missing something and
>> > this is why I'm asking for little help. :)
>>
>> If you already have a list of users and can determine from the
>> username to which domain they belong, you could use the hook backend
>> for Horde groups. This way you at least have all groups set up
>> already. You will see all users and all groups from your server
>> though.
>
> Yes, thanks, I now remember seeing the hook, and thinking to maybe call
> groups by domain name, make groups, and then modify the permissions
> page in kronolith to use this to display only usernames/email inside
> that domain. I'm still learning my way around the modules and this is
> just a very uneducated idea, I will have more time this weekend to work
> on it.
>
> Any thoughts on the second part of my question (making conf-auth*basedn
> "dynamic" somehow)? From my unfamiliar side it seems like that would be
> a more generic solution that might then work for all modules, instead
> of trying to hacking Kronolith, and then maybe another module will need
> the same.
>
> It is interesting that no one came accross this before, how do all the
> people work this out? Or perhaps most installations have just one or a
> couple of domains, and its ok then to just see all the users.
> I forgot to say, running HEAD here.
I, too, wanted to add a little privacy to virtual domain users. I have
no idea what I'm doing and what I've do so far could be completely
wrong. Any and all comments and suggestions are welcome. First
Change: Restructure my ldap tree and create a domain based ou for each
virtual domain. Seems to work as expected and only users from the
domain are now visible. Second: modify the horde/conf.php file to
generate all the file storage (vfs) dymanically also based on the
domain name. It still needs finishing touches and testing.
Third: Ben commited ldap groups a couple of weeks ago but I haven't
taken the time to look at it yet, but hope to this weekend or early
next week. Hopefully it will make grouping permissions easier but I
still don't know. Not very much but it's better that a couple of days
ago;) ed
More information about the kronolith
mailing list