bookmark_borderHorde 3.3.10 customizing – Patch for more flexible administration of users and groups

Horde Groupware is a great couple of end-user applications with a lot of flexibility. It supports many different sources or backends for retrieving authorized users and putting them into groups which have access to some resources like calendars, address books or inventory lists. Horde includes a GUI for editing users and groups if the backend supports it. The GUI is accessible only to those users which have the global administrator privilege set in the conf.php configuration file. Users with this flag can access all administrative options like the SQL shell, the configuration editor and the permission tree. This is usually not what you want. Administrators want to delegate tedious user and group management to moderators or managers, but they do not want to enable these people to make harmful changes to the general application setup. Even worse, administrator users always see all applications, even those not properly setup for usage. There’s no way to disable that.

To fix this, I have provided a patch against horde 3.3.10 which allows more flexible administration permissions. You can now allow certain users to access only some administration screens like the users screen or the groups screen while not allowing them access to the permissions editor at the same time. These users will be presented only the administrative links which they have access to. Technically, they don’t get the isAdmin flag, so they don’t need to view everything a full administrator can see. I used the horde permissions system to implement access management, after Jan Schneider suggested this move instead of writing a full “account management module”. There is no feedback yet if this patch will make it into mainstream horde3 but I will use it on some horde installations.

bookmark_borderHorde Updates: Base module 3.3.10 RPMs for SLES and OpenSUSE

New Horde Version available as OpenSUSE package

Horde just released version 3.3.10 of their base application along with some minor updates to imp and dimp. After 3.3.9 had some regressions that caused trouble editing preferences, I decided to upgrade the horde RPMs for OpenSUSE and SLES 11 to the new release. This also removed the dependency on PHP versions lower than 5.3 as the package is now working with the default openSUSE 11.3 php package.

Splitting  into vanilla horde and Kolab patched version

Releases of the horde rpm and some application packages contained some dated patches for working together with the Kolab groupware server. I asked upstream Kolab author Gunnar Wrobel and he suggest a clean split between a standard and a kolab version of the horde package. Beginning with the next updates of the package I will implement this split offering two conflicting versions.

Turba LDAP driver patch

The LDAP backend driver for the Turba Contact Manager makes some optimistic assumptions on the privileges (ACLs) 0f the binding LDAP user. By default, it assumes it can add new contacts (which is not true for typical company addressbooks) and if you have ACLs to only some attributes of an entry, for example your own work phone but not your name or job title, Turba tries to write the whole entry.
I submitted a patch for the Turba LDAP driver which makes Turba only try to write attributes which have actually changed.

bookmark_borderHorde 3.3.9 SLES 11SP1 and OpenSUSE RPMs

Horde has been in Suse Linux for many years, but recently the packages were outdated, some even missing.

I have taken over the horde packages in the OpenSUSE and SLES 11 PHP applications repository.  Currently Horde has been updated to 3.3.9, but also mimp, mnemo, turba, and kronolith have been updated to recent versions. The dynamic ajax webmail interface dimp and the file manager gollem have been added as new packages in their current version.

While I am actively testing and using these packages, these packages come with no sort of guarantee.

The packages have a dependency on PHP < 5.3 as there are some known issues with horde 3.3.9 Alarms under PHP 5.3. While SUSE Linux Enterprise Server 11 SP1 comes with PHP 5.2, users of OpenSUSE 11.3 need to get PHP < 5.3 from another repository. I am currently trying to find out if I can easily patch this to work with PHP 5.3 and up.

One note for new users: These packages do not install mysql, php-mysql or the  php5-pear-mdb2_driver_mysqli package, which you probably want to install when using horde with mysql.

Stay tuned for more packaged horde apps, framework components and patches.