6.0.0-git
2021-09-20

Diff for ImapSelectH3 between and 1

+ Dynamically selecting an IMAP server for authentication

**##red|This information is valid for Horde 3 only. See ImapSelectH4 for Horde 4 or ImapSelect for Horde 5 and later.##**

++ Introduction

During a migration from one IMAP server to another, the need arose to run both the old and the new IMAP servers in parallel. By default, Horde only allows a single primary server to be enabled in servers.php. Of course, we could have allowed our users to simply select their server by enabling IMAP server selection, but there is a better way. 
The first example shows a way using a !MySQL backend to select an IMAP server for authentication, given a username.
The second example instead uses the realmed username to select the IMAP server \
(i.e. the username used by Horde internally to prevent username clashes).
----

++ The SQL table

There are many ways to do this of course. In this example, we'll just be using a table with two rows:

<code>
---------------------------------------------------------
|   username        |     cyrus                         |
---------------------------------------------------------
</code>

Your table can be constructed however you like. It can even be a part of your existing Horde DB. The important point is that you need the table to be constructed in such a way as to be able to query a username and have the lookup return a server name from {{imp/config/servers.php}}.

++ Writing a hook

Here's some sample code for a hook placed inside horde/config/hooks.php:

<code type="php">
if (!function_exists('_horde_hook_preauthenticate')) {
    function _horde_hook_preauthenticate($userID, $credential, $realm)
    {
        require dirname(__FILE__) . '/../imp/config/servers.php';

        // Strip domain part from user.
        $userID = substr($userID, 0, strpos($userID, '@'));
        // Connect to database server.
        $db = mysql_connect('hostname', 'dbuser', 'dbpasswd') or die('Can not connect to database.');
        // Select database.
        mysql_select_db('dbname') or die('Can not select database.');
        // Execute the query
        $sth = mysql_query('SELECT server_name FROM users WHERE user=\'' . mysql_real_escape_string($userID) . '\'') or die ('Can not query database.');
        // Fetch the server name.
        $server = mysql_fetch_row($sth);
        if ($server === false) {
            die('Can not read user from database.');
        }

        // Set IMAP server values.
        foreach (array('server', 'folders', 'namespace') as $key) {
            $_SESSION['imp'][$key] = $servers[$server[0]][$key];
        }

        return true;
    }
}

</code>

All that's left to do, is to activate the preauthenticate hook in Horde's configuration.
----

++ IMAP server selection by realmed username
+++ Requirements
* IMP is used to do the authentication
* The usernames to authenticate against the mailserver may not have a domain part (separated with '@' from the username).
* There is more than one active server entry in {{imp/config/servers.php}}. _
 The realm values are different and the default server has an empty string as realm. _
 //**Note:**// The default server is either the first server entry in the list or the one with the **preferred** value _
 set.
* Realm values are only lowercase strings (e.g. 'server1.example.com').

++++ Examplary snippet of {{imp/config/servers.php}}
<code>/* Example configuration: */

$servers['imap'] = array(
    'name' => 'IMAP Server',
    'server' => 'imap.example.com',
    'hordeauth' => true,
    'protocol' => 'imap/notls',
    'port' => 143,
    'maildomain' => 'example.com',
    'smtphost' => 'smtp.example.com',
    'smtpport' => 25,
    'realm' => '',
    'preferred' => '',
);

$servers['imap1'] = array(
    'name' => 'IMAP Server 1',
    'server' => 'imap1.example.com',
    'hordeauth' => true,
    'protocol' => 'imap/ssl/novalidate-cert',
    'port' => 993,
    'maildomain' => 'example.com',
    'smtphost' => 'smtp.example.com',
    'smtpport' => 25,
    'realm' => 'imap1.example.com',
    'preferred' => '',
);
</code>

++++ Functionality of the hook
Entering the username {{smith}} in the login screen selects the necessary values given by {{$servers['imap']}}:
* Authentication against {{imap.example.com}}
* using protocol {{imap/notls}}
* ...

Entering the username {{smith@imap1.example.com}} instead selects the values of {{$servers['imap1']}}:
* Authentication against {{imap1.example.com}}
* using protocol {{imap/ssl/novalidate-cert}}
* ...

//**Note:**// 
* Horde treats them as different users with their own preferences.
* The selection of the server is done by the **realm** value **NOT** by the **server** value.

+++ The Preauthenticate-Hook
The following hook has to be inserted in {{config/hooks.php}}:
<code type="php">if (!function_exists('_horde_hook_preauthenticate')) {
    function _horde_hook_preauthenticate($userID, $credential, $realm)
    {
        require dirname(__FILE__) . '/../imp/config/servers.php';

        // Convert all to lower chars (even the possible domain part)
        $userID=strtolower($userID);
        // Strip domain part from user, if it exists.
        if (($domainpart = strpos($userID, '@'))) {
          $server=substr($userID, $domainpart+1);
          $userID=substr($userID, 0, $domainpart);
          // Change the values only if a domain part was found ...
          if (!empty($server)) {
            foreach ($servers as $serverkey => $curServer) {
              if (!empty($curServer['realm']) && $server == $curServer['realm']) {
                // We found an entry, now set IMAP server values.
                foreach (array('server', 'folders', 'namespace',
                  'protocol', 'port', 'smtphost', 'smtpport', 'maildomain') as $key) {
                  if (isset($servers[$serverkey][$key])) {
                    $_SESSION['imp'][$key] = $servers[$serverkey][$key];
                  }
                }
                // Now use only the stripped version of the userID to logon to the server
                $_SESSION['imp']['user'] = $userID;
                // Setup the correct base_protocol
                $_SESSION['imp']['base_protocol'] = $_SESSION['imp']['protocol'];
                if (($pos = strpos($_SESSION['imp']['protocol'], '/'))) {
                  $_SESSION['imp']['base_protocol'] = substr($_SESSION['imp']['protocol'], 0, $pos);
                }
              }
            }
          }
        }
        return true;
    }
}
</code>

Like in the first example, the hook has to be activated inside {{config/conf.php}}. 
* Either use the administration user interface of Horde (recommended)
* or set the following entry in {{config/conf.php}} with your favorite editor
<code>...
$conf['hooks']['preauthenticate'] = true;
...
</code>