
Re: [phpGroupWare-users] Re: phpGW for Unix users managed by LDAP


From: Dave Hall
Subject: Re: [phpGroupWare-users] Re: phpGW for Unix users managed by LDAP
Date: Thu, 26 Oct 2006 23:30:55 +1000

Hi Emanuel,

On Thu, 2006-10-26 at 01:18 -0700, Emanuel Ziegler wrote:
> 
> Wow, those were fast and comprehensive replies!
> 
> Ok, I'll try to answer both replies in this post. I run php4 since I
> don't see the need to change to php5.
> 
> 1) eMail: I don't really understand the question about the login
> format so I'll just guess. It is simply the username without any
> domain. The settings are: server type "IMAPS", IMAP server type "Cyrus
> or Courier", login type "standard", the domain is set to our
> institute's domain.
> 

The email login you use is the same as the phpgw login?  And the
passwords are the same too?

> I tried to deactivate the user's settings and indeed the "GeekBar"
> shows "did connect: [yes (0)]" the first time. After reloading the
> page it changes to "did connect: [no]" so I'm not sure it works or
> not.
> 

It did work, it caches the data to reduce the load on your mail server
and to work around a limitation of the imap c-client library on larger
installs.

> 2) Password: I'm looking forward to that patch - but it's not urgent
> since I want to evaluate phpGroupWare a little longer before opening
> it to our users.
> 
> 3) LDAP: I created a new user, entered that one as root user and it
> still works :)
> 

I thought it would.

> However, the ldaps:// trick doesn't work for me since I don't use SSL
> but TLS encryption which runs via ldap protocol (ldaps is deprecated).
> 

Hmmm ... there might be a patch (or hack) we can come up with for you
there :)

> 4) Groups: I think using the posix groups would be a good idea since
> the hierarchy is already set up and I don't want to do that again. In
> the meantime I'll live with the "Default" group, I guess. Since file
> management is has to be independent, the UIDs and GIDs don't matter.
> 

It does if you add the phpgw attributes to your existing tree (test on a
non production environment first).  It also works if you import your
whole tree into sql accounts.  Neither of these are optimal, but maybe
we can come up with something at the conference in Paris next month.

> 5) Filemanager: One could solve this problem with a CGI-program that
> runs as SUID, but I guess this would introduce huge security holes
> (what if it is not accessible from apache2, but from phpgw - is that
> possible).
> 

phpgw runs as apache.  I suppose you could create a daemon which runs on
the box as root which phpgw connects to for file management.  I am not
offering to cost such a monster.  It would be like having a root account
with a 2 ascii character password.  I think it is a bad idea, not only
from a security perspective, but also it goes against the design of the
phpgw virtual file system (vfs) which filemanager sits on top of.

> Anyway, the filemanager does not work at all (for the user eziegler it
> insists on the path /home/eziegler which cannot be created - can I
> change this setting?) Maybe I have to select "Do you want to manage
> home directories?" in the "If you use LDAP" section to "yes", but I
> don't want to store the information in LDAP, I just want it to use the
> prefix value given below.

Did you set the path for the vfs correctly in setup?  Is it owned by
www-data:www-data (or the apache user and group) mode 770?  Try that
and it should work fine.

Cheers

Dave
-- 
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
e address@hidden
w phpgroupware.org
j address@hidden
sip address@hidden
       _            ____                    __        __             
 _ __ | |__  _ __  / ___|_ __ ___  _   _ _ _\ \      / /_ _ _ __ ___ 
| '_ \| '_ \| '_ \| |  _| '__/ _ \| | | | '_ \ \ /\ / / _` | '__/ _ \
| |_) | | | | |_) | |_| | | | (_) | |_| | |_) \ V  V / (_| | | |  __/
| .__/|_| |_| .__/ \____|_|  \___/ \__,_| .__/ \_/\_/ \__,_|_|  \___|
|_|         |_|                         |_|Web based collaboration platform
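The last point in Dave's reply (the vfs root must be owned by the web server user and group with mode 770) is the kind of thing worth checking with a script rather than by eye, because a directory that is too open is as much a problem as one the web server cannot write to. The following is an added example, not code from the thread or from phpGroupWare itself; the path `/var/lib/phpgroupware/files` is a placeholder, the default owner `www-data` is taken from the message, and it assumes GNU `stat` (Linux).

```shell
#!/bin/sh
# Verify that the phpGroupWare vfs root has the ownership and mode
# recommended in the thread: <apache user>:<apache group>, mode 770.
# Added example; path and user names are assumptions to adjust locally.
# Requires GNU stat (stat -c), i.e. a typical Linux host.

# check_vfs_dir DIR [USER] [GROUP] [MODE]
# Prints one line per mismatch and returns 1 if anything is wrong,
# 0 if the directory matches all expectations.
check_vfs_dir() {
    dir="$1"
    want_user="${2:-www-data}"
    want_group="${3:-www-data}"
    want_mode="${4:-770}"

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory (set the vfs path in setup)"
        return 1
    fi

    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")
    rc=0

    [ "$owner" = "$want_user" ] || {
        echo "OWNER: $dir is owned by $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] || {
        echo "GROUP: $dir has group $group, expected $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ] || {
        echo "MODE: $dir is mode $mode, expected $want_mode"; rc=1; }

    # A world-accessible vfs root lets every local account read users'
    # files; flag it separately even if the caller asked for an odd mode.
    last=$(printf '%s' "$mode" | tail -c 1)
    [ "$last" = "0" ] || {
        echo "WORLD: $dir grants permissions to 'other' (mode $mode)"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $dir is $owner:$group mode $mode"
    return "$rc"
}

# Usage when run as a script (placeholder path, assumed):
#   sh check_vfs.sh /var/lib/phpgroupware/files www-data www-data 770
[ $# -gt 0 ] && check_vfs_dir "$@"
```

The fix Dave describes, if the check reports a mismatch, is `chown www-data:www-data` and `chmod 770` on the vfs root (substituting the real apache user and group); the separate "WORLD" line exists so that a mode such as 777 is caught even when someone passes it as the expected value.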
