[Kolab-devel] Allow one domain admin to manage several domains

Timotheus Pokorra timotheus at pokorra.de
Wed Apr 17 10:08:35 CEST 2013


Hello,
I have worked during the past days on a patch for Kolab that allows
giving one customer permission to manage several domains.
It uses the drop down menu in the upper right corner, same as it works
for the cn=Directory Manager. And it makes use of the fact that a user
with role kolab-admin has permissions to a domain if the user
reference is part of the uniqueMember list of "cn=Directory
Administrators*" of the domain.

The user reference must look like this at the moment:
uid=admin,ou=People,dc=test1,dc=tbits,dc=net
I am wondering if I can manage to use an email address instead, which
identifies the admin, and convert that internally to the LDAP
reference.

I have a patch for the Kolab 3.0 release here:
https://gist.github.com/tpokorra/5244642#file-patchmultidomainadmins-patch

and I have also committed it to a branch of the current kolab development:
https://github.com/tpokorra/kolab-wap/commit/1b70df580177e8f7a86b50adab51b9e244d9106e

Things I have changed:

First I modified LDAP.php, function list_domains, so that it returns
all domains that have the current user in their list of "Directory
Administrators":
https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/Auth/LDAP.php#L396

I had to modify Conf.php to read all available domains from the kolab.conf file:
https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/Conf.php#L62
(Thinking of this in light of the other multi-domain thread: if we
don't want domains in kolab.conf, this has to be solved in another
way)

Then I modified the web administration panel to support adding users to
the "Directory Administrators" of a domain, when editing the domain:

https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/api/kolab_api_service_domain_types.php#L67
https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/client/kolab_client_task_domain.php#L227
and line 235
https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/kolab_api_service.php#L89

In LDAP.php, I have added a new function domain_admin_save, which is
called from function domain_edit:
https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/Auth/LDAP.php#L154

and the reading of permissions, in domain_info:
https://github.com/tpokorra/kolab-wap/blob/1b70df580177e8f7a86b50adab51b9e244d9106e/lib/Auth/LDAP.php#L257

I hope I have changed as little as possible, and not broken anything else.

Please let me know what you think!

Thanks,
  Timotheus
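
An added example, not part of the original post and not kolab-wap code: a Python model of the membership check the post describes (a user may manage a domain when their DN is in the uniqueMember list of that domain's Directory Administrators group) and of the e-mail to DN lookup it asks about. The sample entries, the test2.tbits.net and other.example domains, and all function names are constructed for illustration; DN values are assumed to match case-insensitively.

```python
import re

# Constructed sample data (not real Kolab entries): each domain mapped to the
# uniqueMember values of its "cn=Directory Administrators" group.
DOMAIN_ADMINS = {
    "test1.tbits.net": ["cn=Directory Manager",
                        "uid=admin,ou=People,dc=test1,dc=tbits,dc=net"],
    "test2.tbits.net": ["UID=Admin, OU=People, DC=test1, DC=tbits, DC=net"],
    "other.example": ["uid=admin,ou=People,dc=other,dc=example"],
}

def normalize_dn(dn):
    """Canonical form for comparing DNs: split on unescaped commas, trim spaces
    around ',' and '=', lower-case types and values (assumption: every
    attribute in the DN uses case-insensitive matching, as uid/ou/dc/cn do)."""
    rdns = re.findall(r"(?:\\.|[^,\\])+", dn)
    if not rdns or ",".join(rdns) != dn:  # empty RDN or dangling backslash
        raise ValueError("malformed DN: %r" % dn)
    parts = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed DN: %r" % dn)
        parts.append("%s=%s" % (attr.strip().lower(), value.strip().lower()))
    return ",".join(parts)

def manageable_domains(user_dn, domain_admins):
    """Domains whose admin group lists user_dn; malformed members never match."""
    wanted = normalize_dn(user_dn)
    allowed = []
    for domain, members in domain_admins.items():
        for member in members:
            try:
                if normalize_dn(member) == wanted:
                    allowed.append(domain)
                    break
            except ValueError:
                continue  # fail closed on a member value that does not parse
    return sorted(allowed)

def mail_filter(mail):
    """Search filter for the e-mail to DN lookup, with RFC 4515 escaping so
    that '*', '(', ')' or a backslash in the input cannot alter the filter."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in mail)
    return "(mail=%s)" % escaped

def single_dn(matches):
    """The lookup result is usable only if exactly one entry matched."""
    if len(matches) != 1:
        raise LookupError("expected exactly one entry, got %d" % len(matches))
    return matches[0]
```

Comparing the raw strings instead of the normalized forms would miss the test2.tbits.net entry, which names the same admin with different case and spacing.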



