[turba] read-only ldap sources
Liam Hoekenga
liamr at deathstar.org
Tue Dec 4 22:40:47 UTC 2007
Chuck Hagenbuch wrote:
> Quoting Liam Hoekenga <liamr at deathstar.org>:
>
>
>> I just want to confirm the process of marking an LDAP source as
>> read-only. We'd had trouble with this when we'd tried to deploy Horde
>> 3.1 last fall, and I'm not sure if it's explicitly documented anywhere.
>>
>> To make a read-only LDAP source, you need to use the permissions systems
>> (and to use the permissions system, you need to have DataTree turned on?).
>>
>> From within the permissions screen in the admin section...
>> - Add a child permission to "All Permissions" for "Address Book (turba)
>> - Add a child permission to "Address Book (turba)" for "Sources"
>> - Add a child permission to "Sources" for the name of the RO LDAP resource
>> - Change the permssions on the RO LDAP resource to "Show / Read" for
>> "All Authenticated Users"
>>
>
> Correct.
>
>
Do We need to set permissions for each child permission added? I'd
tried only setting the permissions of the RO LDAP resource, and when I
tried to access Turba as a non-admin user, the log said
Dec 04 17:32:37 HORDE [debug] [] User webtest does not have READ
permission for turba [on line 795 of
"/usr/local/projects/webmail/html-dev/horde/lib/Horde/Registry.php"]
To allow access the test user to access Turba, I had to grant each "show
/ read" to each child.
What permissions should I be setting (show, read, edit, delete), and
what are the implications?
Liam
More information about the turba
mailing list