[Kolab-devel] horde as kolab's web frontend or not

Richard Bos radoeka at xs4all.nl
Mon Jul 3 22:36:02 CEST 2006


Hi Gunnar,

you're always ahead of the pack :)

On Monday 3 July 2006 15:21, Gunnar Wrobel wrote:
> > The cyrus imap server settings contain kolab's manager and the manager's
> > password settings.
> > I assume that this is not desired and that this should be changed?
>
> This is probably not that easy. Horde uses this password to be able to
> store the internal uid of horde "shares". A share is a folder with a
> given type like "calendar", "contacts" etc. The standard kolab
> groupware stuff. Horde stores information about these shares in the
> datatree. In order to keep the relation between the mail folder and
> the information in the datatree, horde attaches additional annotation
> to the mail folder. This way horde is able to identify the folder even
> if the user changed its name within another kolab client.

Where is datatree stored?  Is it stored in mysql?  When I dumped the mysql 
database(s) it did not contain any information...  But I think that is very 
much explainable as I did not create any calendar, contact, etc data yet.

> Usually it is perfectly sufficient to use the users password to save
> this horde specific annotation. This is NOT the case for shared
> folders that are not owned by the user. For global shares or shared
> folders that belong to other users horde currently uses the manager
> password in order to store its internal share id on the specific
> folder.
>
> I do believe that this whole system actually does not work as expected
> within horde. I did invest some time last week in order to understand
> what the original intention might have been but I'm not yet finished
> with that.

But how does an email client like kmail or outlook express do this?  Don't 
they have the same problems?  I mean they also have to deal with 'not owned 
shared folders' that get renamed....

> > The ldap server settings contain kolab's manager and the manager's
> > password settings.  Hmm, I just discovered that the Bind Password in my
> > configuration is not correct.  This does not seem to harm the horde
> > functioning at all. Anyway I assume that the manager's password should be
> > removed here as well?
>
> I believe the ldap manager password was only ever used for storing the
> user preferences. The normal user password is definitely sufficient
> for that and the only thing that was missing was the unprivileged
> user so that internal users can also save their preferences. This is
> the patch that I sent upstream and that Jan mentioned in his mail.
>
> The unprivileged user should probably also be used in order to fix
> the login problems for internal users. I guess the current horde code
> does not allow these special users to use the webmail.

How much work does that involve, can you estimate this already?  Will you be 
working on this?  If this functionality gets added or improved, what impact 
would that have on the kolab configuration tab in horde?  Would that make it 
possible to remove the bind dn and bind password from that tab?  Or should 
they be replaced with some other value?

ps: In the current (horde) setup, 1 ldap server is assigned to 1 web server 
serving horde.  Is this okay, is this in line with the kolab philosophy or 
should an ldap server be assigned per user?  I understand that the latter is 
hard (perhaps impossible) to do.  


-- 
Richard Bos
Without a home the journey is endless



