SSO + LDAP (global addressbook)

plugins/kolab_sso/README

@@ -44,20 +44,22 @@ master user credentials in plugin's config.
 [SMTP] For the same reason and also because the same master user does not work in Postfix,
 you have to specify SMTP connection parameters/user+password.
 
+[LDAP] Global addressbook (read-only) requires LDAP user/password. 'user_specific' option does
+not work as well as proxy authentication.
+
 [Freebusy] Authentication into kolab-freebusy service is not yet implemented. A solution for
 now is to add Roundcube host(s) into trustednetworks.allow option in kolab-freebusy service config.
 
 [Chwala] Authentication to Chwala will work if it uses the same (session) database as Roundcube.
 Additionally set $config['fileapi_plugins'] = array('kolab_sso', 'kolab_auth', 'kolab_folders');
 Authenticating to Seafile/WebDAV storage is not supported (until it's custom user-defined
-storage with saved password).
+storage).
 
 
 TODO
 ----
 
-- LDAP addressbook
-- kolab_delegation (LDAP auth)
+- kolab_delegation (LDAP auth for write operation)
 - Chwala+Seafile
 - Chwala+WebDAV
 - Freebusy auth

plugins/kolab_sso/config.inc.php.dist

@@ -4,10 +4,10 @@
 $config['kolab_sso_debug'] = true;
 
 // IMAP (master) user
-$config['kolab_sso_username'] = 'cyrus-admin';
+$config['kolab_sso_imap_user'] = 'cyrus-admin';
 
 // IMAP (master) password
-$config['kolab_sso_password'] = 'password';
+$config['kolab_sso_imap_pass'] = 'password';
 
 // SMTP server host
 // To override the SMTP port or connection method, provide a full URL like 'tls://somehost:587'
@@ -19,6 +19,12 @@ $config['kolab_sso_smtp_user'] = '';
 // SMTP password
 $config['kolab_sso_smtp_pass'] = '';
 
+// LDAP user DN
+$config['kolab_sso_ldap_user'] = 'uid=kolab-service,ou=Special Users,dc=example,dc=org';
+
+// LDAP password
+$config['kolab_sso_ldap_pass'] = 'password';
+
 // Require SSO logon by removing possibility to logon with user/password
 $config['kolab_sso_disable_login'] = false;
 

plugins/kolab_sso/kolab_sso.php

@@ -162,6 +162,7 @@ class kolab_sso extends rcube_plugin
             $this->add_hook('storage_connect', array($this, 'storage_connect'));
             $this->add_hook('managesieve_connect', array($this, 'storage_connect'));
             $this->add_hook('smtp_connect', array($this, 'smtp_connect'));
+            $this->add_hook('ldap_connected', array($this, 'ldap_connected'));
             $this->add_hook('chwala_authenticate', array($this, 'chwala_authenticate'));
         }
 
@@ -185,8 +186,8 @@ class kolab_sso extends rcube_plugin
      */
     public function storage_connect($args)
     {
-        $user = $this->rc->config->get('kolab_sso_username');
-        $pass = $this->rc->config->get('kolab_sso_password');
+        $user = $this->rc->config->get('kolab_sso_imap_user');
+        $pass = $this->rc->config->get('kolab_sso_imap_pass');
 
         if ($user && $pass) {
             $args['auth_cid']  = $user;
@@ -209,6 +210,23 @@ class kolab_sso extends rcube_plugin
         return $args;
     }
 
+    /**
+     * ldap_connected hook handler
+     */
+    public function ldap_connected($args)
+    {
+        $user = $this->rc->config->get('kolab_sso_ldap_user');
+        $pass = $this->rc->config->get('kolab_sso_ldap_pass');
+
+        if ($user && $pass && $args['user_specific']) {
+            $args['bind_dn']       = $user;
+            $args['bind_pass']     = $pass;
+            $args['search_filter'] = null;
+        }
+
+        return $args;
+    }
+
     /**
      * Chwala_authenticate hook handler
      */