Admin Permissions Howto

Table of Contents

  1. Admin Permissions Howto
    1. Horde
      1. A Webmail-only installation without featuring the Horde portal
    2. Hermes
    3. Turba
      1. A read-only LDAP address book


A Webmail-only installation without featuring the Horde portal

  1. Of course, you will have to let IMP handle the authentication:
  2. The Horde administrators will need Horde's Administrator menu, so you will need a user group to grant them particular permissions:
  3. Now you are ready to set the permissions, so ordinary users won't see the Horde portal link:
  4. Remove Horde from the top-bar menu (if it appears there at all):
  5. Instruct your users on how to set Horde's Global Options, particularly the preferred language:


To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application

To allow a user to be able to Review time from other users you must make changes to the hermes permissions. Here are the steps:


A read-only LDAP address book

To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:

1. Define, in turba/config/sources.php, that addressbook, using sizelimit, export, and browse to prevent large-scale address copying, e. g.:

/** Central E-Mail Directory (read-only) **/
$cfgSources['localldap'] = array('title' => _("E-Mail directory Example Ltd."),
                                 'type' => 'ldap',
                                 'params' => array('server'    => '',
                                                   'port'      => '389',
                                                   'tls'       => false,
                                                   'root'      => 'ou=people,o=Example Ltd.,c=com',
                                                   'charset'   => 'utf-8',
                                                   'sizelimit' => 200,
                                                   'scope'     => 'one',
                                                   'version'   => 3),
                                 'map'    => array('__key'     => 'dn',
                                                   'name'      => 'cn',
                                                   'email'     => 'mail'),
                                 'search' => array('name', 'email'),
                                 'strict' => array('dn'),
                                 'export' => false,
                                 'browse' => false);

2. Login to Horde as an administrator, then select the Administration/Permissions menu.

  1. Under All Permissions, add new permission Address Book (turba)
  2. Under Address Book (turba), add new permission Sources (sources)
  3. Under Sources (sources), add new permission E-Mail directory Example Ltd. (localldap)
  4. Edit the added permissions to grant all authenticated users the following rights: