[kronolith] virtual domain sharing - dynamic auth params basedn ?

Edwin L. Culp eculp at encontacto.net
Fri Jul 8 15:11:47 PDT 2005


Quoting Mark <xa87n at yahoo.com>:

>> > If this can also be done with groups and permissions, and someone
>> > wants to help push me the right way, that would be nice also. I've
>> > searched the lists and google, but haven't found out much except
>> > that it should be possible. It seems a bit messy to do it that way,
>
>> > I would have to make a group for each domain, then add users one by
>
>> > one via Admin gui/user..or most likely I'm missing something and
>> > this is why I'm asking for little help. :)
>>
>> If you already have a list of users and can determine from the
>> username to which domain they belong, you could use the hook backend
>> for Horde groups. This way you at least have all groups set up
>> already. You will see all users and all groups from your server
>> though.
>
> Yes, thanks, I now remember seeing the hook, and thinking to maybe call
> groups by domain name, make groups, and then modify the permissions
> page in kronolith to use this to display only usernames/email inside
> that domain. I'm still learning my way around the modules and this is
> just a very uneducated idea, I will have more time this weekend to work
> on it.
>
> Any thoughts on the second part of my question (making conf-auth*basedn
> "dynamic" somehow)? From my unfamiliar side it seems like that would be
> a more generic solution that might then work for all modules, instead
> of trying to hacking Kronolith, and then maybe another module will need
> the same.
>
> It is interesting that no one came accross this before, how do all the
> people work this out? Or perhaps most installations have just one or a
> couple of domains, and its ok then to just see all the users.
> I forgot to say, running HEAD here.

I, too, wanted to add a little privacy to virtual domain users.  I have 
no idea what I'm doing and what I've do so far could be completely 
wrong.  Any and all comments and suggestions are welcome.  First 
Change: Restructure my ldap tree and create a domain based ou for each 
virtual domain.  Seems to work as expected and only users from the 
domain are now visible. Second: modify the horde/conf.php file to 
generate all the file storage (vfs) dymanically also based on the 
domain name. It still needs finishing touches and testing.

Third: Ben commited ldap groups a couple of weeks ago but I haven't 
taken the time to look at it yet, but hope to this weekend or early 
next week.  Hopefully it will make grouping permissions easier but I 
still don't know.  Not very much but it's better that a couple of days 
ago;)  ed


More information about the kronolith mailing list