Vacation Application

Kenneth Marshall ktm at rice.edu
Fri May 15 10:30:17 EDT 2009


On Fri, May 15, 2009 at 10:05:06AM -0400, Gottschalk, David wrote:
> I'm in the process of setting up smartsieve now, but I'm wondering how to write a hook for login details.
> 
> I see the sample in the conf.php, but I don't entirely understand what is going on or how to write my own. I'd like to have a hook that authenticates username and password against ldap, and pulls the server for them to login to.
> 
> Any pointers/examples?
> 
> Thanks for any help!
> 
> David Gottschalk 
> Emory University
> UTS Messaging Team
> 

David,

Unless you are using a SSO system, you will still need to authenticate
to the sieve server. The problem there is to use the right backend if
you have multiple backends. In our case, we have a Berkeley DB map file
that contains the user -> backend mappings that we also use for our
perdition IMAP/POP proxy to the backends. For that we use something like:

        $passwd = Crypto::decrypt($smartsieve['passwd']);

        $managesieve = new Managesieve();
        // Open server based on popmap.bdb entry
        $id = dba_open("/etc/opt/perdition/popmap.bdb","r","db4");
        if (!$id) {
            return 'authenticate: unable to open popmap';
        }
        if (dba_exists($smartsieve['authz'], $id)) {
            $ret = $managesieve->open(dba_fetch($smartsieve['authz'], $id), 2000, SmartSieve::getConf('socket_timeout',
 2));
        }
        else
        {
            dba_close($id);
            return 'authenticate: no mail server found';
        }
        dba_close($id);

        if ($ret !== true) {
            $err = $managesieve->getError();
 
in lib/SmartSieve.lib. You would want to do something similar to
identify your backend. LDAP can be used as well but since we already
need the flatfile for perdition we just used it. We do pull and updated
list of aliases to prepopulate the vacation fields using the
getEmailAddresses() hook in config.php. Something like this could also
be used to pull the backend from your LDAP directory:

/**
 * Example get_email_addresses_hook function.
 *
 * @return array The list of email addresses
 */
function getEmailAddresses()
{
    $addresses = array();
    if (extension_loaded('ldap')) {
        $ds = ldap_connect('ldap.rice.edu');
        if ($ds) {
            if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
                fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
            }
            // starttls is broken in php 5.2.1
            //if (!ldap_start_tls($ds)) {
            //    fatal_error("Ldap_start_tls failed");
            //}
            // anonymous bind to get mailAlternateAddress entries
            $r = ldap_bind($ds);
            $sr = ldap_search($ds, "dc=rice,dc=edu", 
                              "uid=".$_SESSION['smartsieve']['authz']);
            $entries = ldap_get_entries($ds, $sr);
            for ($i=0; $i<$entries['count']; $i++) {
                for ($j=0; $j<$entries[$i]['mailalternateaddress']['count']; $j++) {
                    $addresses[] = $entries[$i]['mailalternateaddress'][$j];
                }
            }
        }
        ldap_close($ds);
    }
    return $addresses;
}

I hope that this helps.

Regards,
Ken

> 
> -----Original Message-----
> From: Kenneth Marshall [mailto:ktm at rice.edu] 
> Sent: Tuesday, March 10, 2009 3:06 PM
> To: Gottschalk, David
> Cc: Nic Bernstein; info-cyrus at lists.andrew.cmu.edu
> Subject: Re: Vacation Application
> 
> We use SmartSieve (http://smartsieve.sourceforge.net/) to
> manage vacation/sieve scripts. We look up the appropriate backend
> in our LDAP directory, but a DNS lookup could be done just as
> easily. It is simple to setup an configure, 1.0RC2.
> 
> Cheers,
> Ken
> 
> On Tue, Mar 10, 2009 at 03:00:39PM -0400, Gottschalk, David wrote:
> > No murder here.
> > 
> > Oldschool Cyrus setup. I want to upgrade it actually, but there are 30K + accounts on these 3 servers.
> > 
> > The only problem I see with having it try each server, but failing how do you know if it really isn't that server, or there is just a network issue.
> > 
> > David Gottschalk
> > UTS Email team
> > david.gottschalk at emory.edu
> > 
> > 
> > -----Original Message-----
> > From: Nic Bernstein [mailto:nic at onlight.com]
> > Sent: Tuesday, March 10, 2009 2:00 PM
> > To: Gottschalk, David
> > Cc: info-cyrus at lists.andrew.cmu.edu
> > Subject: Re: Vacation Application
> > 
> > On 03/10/2009 12:42 PM, Gottschalk, David wrote:
> > > Hi All,
> > >   I have a question regarding a vacation application for Cyrus servers. I want to know what others are using to meet this need. Currently, we have a home grown application that allows users to enable/disable vacation messages for their Cyrus accounts. This application is old and outdated, and needs to be replaced. I found the Horde vacation application which looks like it will meet my needs, but I have one issue. We currently have three Cyrus servers with all the accounts spread out across those three servers. The problem I am running into with any vacation application, is how to identify to the vacation application which server a user is on without the user needing to know this information. Is anyone else in a similar situation?
> > >
> > Um, use a murder?  Otherwise you may want to adapt something like the
> > cyrus user validation script which was recently posted here.  Your
> > application could then perform lookups in the output of that script.
> > Lastly, you could just let you application attempt authenticating
> > against each server, in turn, stopping once it succeeds.
> > 
> > Cheers,
> >     -nic
> > 
> > --
> > Nic Bernstein                             nic at onlight.com
> > Onlight llc.                              www.onlight.com
> > 2266 North Prospect Avenue #610           v. 414.272.4477
> > Milwaukee, Wisconsin  53202-6306          f. 414.290.0335
> > 
> > 
> > This e-mail message (including any attachments) is for the sole use of
> > the intended recipient(s) and may contain confidential and privileged
> > information.  If the reader of this message is not the intended
> > recipient, you are hereby notified that any dissemination, distribution
> > or copying of this message (including any attachments) is strictly
> > prohibited.
> > 
> > If you have received this message in error, please contact
> > the sender by reply e-mail message and destroy all copies of the
> > original message (including attachments).
> > ----
> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> > 
> 


More information about the Info-cyrus mailing list