Admin Permissions Howto
A Webmail-only installation without featuring the Horde portal
- Of course, you will have to let IMP handle the authentication:
- In the Administration/Setup menu, choose the Horde (horde) application, then the Authentication tab.
- The Horde administrators will need Horde's Administrator menu, so you will need a user group to grant them particular permissions:
- In the Administration/Groups menu, add a new group, say Administrators.
- Add all Horde administrators to that group.
- Now you are ready to set the permissions, so ordinary users won't see the Horde portal link:
- In the Administration/Permissions menu, add the new permission: Horde (horde).
- Edit the Horde (horde) entry to grant the following permissions:
- To all authenticated users: Read, Edit, Delete. (This will remove the sidebar menu entry for Horde.)
- To the Administrators group: Show, Read, Edit, Delete. (This will retain the sidebar menu entry.)
- Remove Horde from the top-bar menu (if it appears there at all):
- As a Horde administrator, open (in the sidebar) the Administration/Setup menu.
- In the Application field, choose the Mail (imp) entry.
- Under the External Utilities and Menu tab, edit the Menu settings, then click on Generate Mail Configuration.
- Note: You can, of course, use Turba and Ingo with your Webmail installation; in this case, you will here activate their respective entries for the Imp menu.
- If you have Turba, or Ingo, installed then edit their respective menu settings, in the same way.
- Instruct your users on how to set Horde's Global Options, particularly the preferred language:
- In top bar of the Options submenu, in the Edit options for field, choose the Global Options application,
- then, if necessary, klick on the Go button, nearby.
- Note: In German, this bit is particularly confusing, as both Horde's Global Options, and Imp's General Options are termed alike, viz. Allgemeine Einstellungen.
- Note: Alternatively, you could try to include Horde's Global Options with Imp's option menu, by modifying imp/config/prefs.php, but that is beyond the scope of this advice.
To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application
- Choose Administration --> Permissions
- Click on the All Permissions "keys" icon
- When the "Add a child Permission" pane appears, choose the Hermes module
- Click the Add button
- Click the "notepad" icon to edit the permissions for Hermes
- On the default permissions tab, check Show and Read
To allow a user to be able to Review time from other users you must make changes to the hermes permissions. Here are the steps:
- Choose Administration --> Permissions
- If the Hermes permissions are not yet set, follow the steps above.
- Click on the Hermes "keys" icon
- When the "Add a child Permission pane appears, choose the Time Review module
- Click on the Permissions tab for the user or group that you want check, Show
A read-only LDAP address book
To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:
1. Define, in turba/config/sources.php, that addressbook, using sizelimit, export, and browse to prevent large-scale address copying, e. g.:
/** Central E-Mail Directory (read-only) **/
$cfgSources['localldap'] = array('title' => _("E-Mail directory Example Ltd."),
'type' => 'ldap',
'params' => array('server' => 'ldap.example.com',
'port' => '389',
'tls' => false,
'root' => 'ou=people,o=Example Ltd.,c=com',
'charset' => 'utf-8',
'sizelimit' => 200,
'scope' => 'one',
'version' => 3),
'map' => array('__key' => 'dn',
'name' => 'cn',
'email' => 'mail'),
'search' => array('name', 'email'),
'strict' => array('dn'),
'export' => false,
'browse' => false);
2. Login to Horde as an administrator, then select the Administration/Permissions menu.
- Under All Permissions, add new permission Address Book (turba)
- Under Address Book (turba), add new permission Sources (sources)
- Under Sources (sources), add new permission E-Mail directory Example Ltd. (localldap)
- Edit the added permissions to grant all authenticated users the following rights:
- Address Book (turba): Show, Read, Edit, Delete (This will provide access to turba via the menus.)
- Sources (sources): Show, Read, Edit, Delete
- E-Mail directory Example Ltd. (localldap): Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)