search

roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0
5.92k stars 1.64k forks source link

Config for disable search of ldap addressbook #8604

Open manureini opened 2 years ago

manureini commented 2 years ago

Hello,

I'm using the new_user_identity plugin to set the Display Name (column "name" in identities table) on first login of the user.

Defined an adressbook like this:

$config['ldap_public']['People'] = array(
    'name'              => 'People',
    'hosts'             => array('192.168.1.1'),
    'port'              => 389,
    'user_specific'     => false,
    'base_dn'           => 'ou=people,dc=domain',
    'bind_dn'           => 'cn=admin,dc=domain',
    'bind_pass'         => '1234',
    'searchonly' => false,
    'hidden' => true,
    'writable' => false,
    'filter'            => '(objectClass=inetOrgPerson)',
    'search_fields'   => array('uid', 'givenName', 'cn', 'sn'),
    'fieldmap' => array(
    // Roundcube   => LDAP
       'name'         => 'cn',
       'surname'      => 'sn',
       'firstname'    => 'givenName',
    ),
    'scope'          => 'sub',
);

Everything works fine.

But now I want to keep this adressbook private, so search should not work. I can simply press Enter on the search bar and roundcube will list all my users.

To summary I actually don't want the adressbook, I only want to sync the Display Name. Another idea would be a configuration for the new_user_identity plugin to use a different config other than ldap_public.

Is there any chance to accomplish this? Thanks ;)

alecpl commented 2 years ago

We have an option to hide addressbook but allow searching, the opposite idea makes no sense to me. I don't see it happen.

Changing new_user_identity's new_user_identity_addressbook option to accept an array with full addressbook definition shouldn't be hard.

manureini commented 2 years ago

@alecpl Displaying these entries are against the GDPR, so in my opinion this makes sense ;) I don't want the addressbook, but I'm forced using it because of the new_user_identity plugin.

reimarstier commented 9 months ago

Actually, this is already possible. You may mark the user_specific flag as true and restrict your search filter in a way it only returns exactly one result for the given user. You can't hide the address book yet but you can very well disable searching through the entire database.