[turba] turba permissions....

Amith Varghese amith at xalan.com
Wed Feb 26 12:49:37 PST 2003


> yes i noticed, it works as each username returned by Auth::getAuth() will be
> declared an admin for that turba source... i suppose it is a solution, but a
> bit ugly to expect this php in the config files.

you've just described alot of my config files :)  For example, this is how I
construct my Personal Address Book's for all my users

'root' => 'ou=' . Auth::getAuth() . ',ou=Personal Address Book,dc=mydomain,dc=com',
'bind_dn' => 'uid=' . Auth::getAuth() . ',ou=People,dc=mydomain,dc=com',
'bind_password' => Auth::getCredential('password'),

This is ugly, but it works well.  I don't know of any other way to do it.

> i'd say it is a source which is available to be viewed/read by any user
> regardless of login. a "personal" ldap would come under this definition i
> suppose, if it is somehow handling all the auth and horde should not worry
> about
> what the end user is. although i agree it is not exactly logical when
> comparing
> the naming/settings values.

hmm... i would disagree here.  I'm not sure how I could say that a Personal
Address Book should be viewed/read by any user regardless of login.  But maybe
your defintion of personal addressbook is different than mine? :)

> or maybe we need a setting to say that horde should not be checking perms?
> maybe
> the public/readonly can be part of a perms array in the sources.php file:
> 'checkperms' => array('public' => true, 'readonly' => 'false')

I kind of like this idea... but if we're starting to go down this route should
we use the Perms:: system to handle this?  and maybe have "default" permissions
set in sources.php?

Amith



More information about the turba mailing list