+ Admin Permissions Howto [[toc]] ++HermesHorde +++ A Webmail-only installation without featuring the Horde portal # Of course, you will have to let Imp handle the authentication: * In the Administration/Setup menu, choose the //Horde (horde)// application, then the //Authentication// tab. # The Horde administrators will need Horde's //Administrator// menu, so you will need a particular user group to grant them particular permissions: * In the Administration/Setup menu, add a new group, say //Administrators//. * Add all Horde administrators to that group. # Now you are ready to set the permissions, so ordinary users won't see the Horde portal: * In the Administration/Permissions menu, add the new permission: //Horde (horde)//. * Edit the //Horde (horde)// entry to grant the following permissions: * To all authenticated users: Read, Edit, Delete. (This will remove the Sidebar menu and the Horde entry in the top menu.) * To the //Administrators// group: Show, Read, Edit, Delete. (This will retain the Sidebar menu and the Horde entry in the top menu.) # Instruct your users on how to set Horde's //Global Options//, particularly the preferred language: * In top bar of the //Options// submenu, in the //Edit options for// field, choose the //Global Options// application, * then, if necessary, klick on the //Go// button, nearby. * Note: In German, this bit is particularly confusing, as both Horde's //Global Options//, and Imp's //General Options// are termed alike, viz. //Allgemeine Einstellungen//. ----To++ Hermes To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application * Choose Administration --> Permissions * Click on the All Permissions "keys" icon * When the "Add a child Permission" pane appears, choose the Hermes module * Click the Add button * Click the "notepad" icon to edit the permissions for Hermes * On the default permissions tab, check Show and Read * If the Hermes permissions are not yet set, follow the steps above. * Click on the Hermes "keys" icon * When the "Add a child Permission pane appears, choose the Time Review module * Click on the Permissions tab for the user or group that you want check, Show ---- ++ Turba +++ A read-only LDAP address book To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages: 1. Define, in turba/config/sources.php, that addressbook, using {{sizelimit}}, {{export}}, and {{browse}} to prevent large-scale address copying, e. g.: <code type="php"> /** Central E-Mail Directory (read-only) **/ $cfgSources['localldap'] = array( 'title' => _("E-Mail directory Example Ltd.") , 'type' => 'ldap' , 'params' => array( 'server' => 'ldap.example.com' , 'port' => '389' , 'tls' => false , 'root' => 'ou=people,o=Example Ltd.,c=com' , 'charset' => 'utf-8' , 'sizelimit' => 200 , 'scope' => 'one' , 'version' => 3 ), , 'map' => array( '__key' => 'dn' , 'name' => 'cn', , 'email' => 'mail' ), , 'search' => array( 'name', , 'email' ), , 'strict' => array('dn') , 'export' => false , 'browse' => false ); </code> 2. Login to Horde as an administrator, then select the Administration/Permissions menu. # Under //All Permissions//, add new permission //Address Book (turba)// # Under //Address Book (turba)//, add new permission //Sources (sources)// # Under //Sources (sources)//, add new permission //E-Mail directory Example Ltd. (localldap)// # Edit the added permissions to grant all authenticated users the following rights: * //Address Book (turba):// Show, Read, Edit, Delete (This will provide access to turba via the menus.) * //Sources (sources):// Show, Read, Edit, Delete * //E-Mail directory Example Ltd. (localldap):// Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)