[Kolab-devel] Kolab-Webadmin group memberships

Jeroen van Meeuwen (Kolab Systems) vanmeeuwen at kolabsys.com
Tue Feb 11 15:45:54 CET 2014


On 2014-02-11 14:20, Henning wrote:
> Hi,
> 
> kolab-webadmin is quite flexible concerning the design of your special
> environment. However for users I'm missing a "user.groups" section to
> easily identify the groups a user is member of. The section could be
> read-only, but it would make things easier to handle.
> For this I think one could have a look at the code somewhere in the
> roundcubemail addressbook.
> 
> I tried to figure out what to do, but I'm bad at php, so maybe one of
> you could spend some time on this.
> 

You're right, this would be a nice enhancement.

Just like we have "Role(s)" already there, we should also have 
"Group(s)".

It's a little tricky for roles are actually attached to the user object 
entry itself, and therefore almost "free" to pull in performance-wise.

Groups however work the other way around, and what is even worse is that 
dynamic groups would be omitted unless each of its searches is executed 
in an attempt to find whether or not the user is a member of such 
dynamic group (see groupofurls).

That said, this could be amended by enabling the memberOf plugin, though 
I'm not sure that would work for dynamic groups equally well as it does 
for static groups.

We expose an API call to find groups a certain user is a member of here:

   http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n906

but note it does only direct membership of static groups, and not a 
scenario like the following (for a user uid=doe):

   dn: cn=mail-users,ou=Groups,dc=example,dc=org
   objectclass: groupofuniquenames
   uniquemember: cn=kolab-users,ou=Groups,dc=example,dc=org

   dn: cn=kolab-users,ou=Groups,dc=example,dc=org
   objectclass: groupofuniquenames
   uniquemember: uid=doe,ou=People,dc=example,dc=org

only the kolab-users group would be returned. One could probably loop, 
but watch out for infinite nesting.

Kind regards,

Jeroen van Meeuwen

-- 
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08


More information about the devel mailing list