NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/)
and start working. They can of cause explicitly log out and log in as an
other user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README
2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
we can NOT clean the whole egw_info/server array, as this also cleans the variables set in the header, which get not re-read
--> we need to keep the important values: sessions_type and default_domain"
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
Please note: If you already edited your phpgwapi/inc/functions.inc.php to switch it off, you will get an cvs conflict on updating, just do a "cvs update -C phpgwapi/inc/functions.inc.php" to fix it. If you want to use the session restore or you already used it, you need to go to Setup >> Headeradmin and switch it on there.
At the moment you need to log out to activate any changes in the config, preferences or the apps enabled for a user. This can be changed easily by invalidating the cache.
2) New way to create an anoymous session: you can specify a callback function, which gets called if the session could not be verified. The callback can use the DB or instanciate a config object to get the account-date, which it returns. A new session get then created.
- only needs host- and domain-name
- needs NO extra account on the ADS host
- can be used with accounts in SQL or LDAP to auto-create autheticated users
- new param to lowercase the user-names before auto-creating them (to deal with case-insensitve and case-sensitive system)
- Oracle via oci8 or odbc extension
- MsSql via odbc extension
2) added checks for the neccesary extension incl. loading them if they are not loaded by default: db extensions and session extension. This is now consitent wiht check_install.
3) sessions class tries now to load the php session extension and silently fallbacks to db-sessions
- [ 1015846 ] Registering session MySQL query error
- handlich of timed out sessions for php4 sessions was wrong
==> I can't reproduce any more sessions probs, either with db nor php4 sessions
