Squirrelmail Maia Integration
We have recently added Maia
Mailguard to our anti-spam portfolio. When used in combination with
Squirrelmail, the result is a
full-featured web e-mail suite.
Overview
This page outlines a set of steps, including a small patch to Maia and a small
Squirrelmail plugin, that will allow for unified Squirrelmail/Maia logins.
Essentially, Maia is patched to trust authenticated Squirrelmail users, based
on PHP session variables, without bothering Maia users with a login box.
Squirrelmail already sets a bevy of session variables. The two we are
concerned with are 'username' and 'user_is_logged_in'. Essentially, if Maia
sees these two variables, it treats the user in question as authenticated.
This is not "integration" in the true sense of the word. See Future Direction
below.
Caveats
This setup is subject to some limitations, and is largely a proof-of-concept:
- The Maia PHP scripts must run on the same box as Squirrelmail so they may share a PHP session
- The Maia patch presented here only works with LDAP authentication ($auth_method = "ldap")
- Your LDAP server must allow retrieval of a user's email attribute via an anonymous bind
- The Squirrelmail install obviously needs to be trusted, and secured, as Maia will trust all Squirrelmail-authenticated users
The second limitation can probably be overcome easily enough, but I only had
time to really test an LDAP setup. Also, some of the address-rewriting
characteristics of other auth methods may make them a bit messier.
Maia Setup
You will need to download/apply a small patch to three of Maia's PHP files to
make this work.
- Download the Maia Session Auth Patch: maia-1.0.2a-sessauth-1.0.0.patch
- Apply the patch from the Maia PHP directory:
    cd /path/to/maia/php
    patch -p1 < /path/to/patch
Once this patch is applied, you will notice no functional difference in your
Maia login behavior, unless you link/browse directly to xlogin.php. The LDAP
authentication code will look first for an existing username in the session
variables (presumably there from our Squirrelmail session). If this does not
exist, it will still fall back to doing normal LDAP authentication.
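
The session-first, LDAP-fallback decision described above, as an added example. This is not the code from the patch or from Maia itself. The function names, the `$ldap_login` callable and the username character policy are assumptions made for illustration.

```php
<?php
// Added illustration; not the contents of maia-1.0.2a-sessauth-1.0.0.patch.
// session_trusted_user(), authenticate() and $ldap_login are hypothetical names.

// Return the Squirrelmail-authenticated username from the shared PHP
// session, or null if the session does not prove a completed login.
function session_trusted_user(array $session): ?string
{
    // Require both variables named above, not 'username' alone.
    if (empty($session['user_is_logged_in']) || !isset($session['username'])) {
        return null;
    }
    $user = $session['username'];
    // The name feeds the LDAP mail-attribute lookup, so accept only a
    // conservative character set (assumed policy, adjust to your directory).
    if (!is_string($user) || !preg_match('/^[A-Za-z0-9._@-]{1,128}\z/', $user)) {
        return null;
    }
    return $user;
}

// Decide how a request to xlogin.php is authenticated: session first,
// then the normal username/password check against LDAP.
function authenticate(array $session, array $post, callable $ldap_login): ?string
{
    $user = session_trusted_user($session);
    if ($user !== null) {
        return $user; // trusted via the Squirrelmail session
    }
    if (isset($post['username'], $post['password'])
        && $ldap_login($post['username'], $post['password'])) {
        return $post['username']; // ordinary Maia login
    }
    return null; // caller shows the login-failed message
}

// Constructed sample sessions; the LDAP callable is a stub that always fails.
$no_ldap = function ($u, $p) { return false; };
var_dump(authenticate(['username' => 'alice', 'user_is_logged_in' => true], [], $no_ldap));
var_dump(authenticate(['username' => 'alice'], [], $no_ldap));
var_dump(authenticate(['username' => 'bad user(name)', 'user_is_logged_in' => true], [], $no_ldap));
```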
Testing
You can test this setup by logging into Squirrelmail as always, and then
browsing to 'http://url/to/maia/xlogin.php'. If the patch is not applied, or
not working, or you are not authenticated already as a Squirrelmail user, you
should get a "Login for user failed. ( )" message. If it works, you should
skip right in to the Maia welcome page as your Squirrelmail user. You should
also test that normal logins work by going to your main Maia URL and logging in
normally. You should also note that logging out of the Maia application does
not end your Squirrelmail session.
Squirrelmail Setup
Two things need to be done to Squirrelmail to make our changes so far useful.
First, we need to ensure that the PHP session name Squirrelmail uses matches our
Maia install. Maia defaults to using PHPSESSID, while Squirrelmail installs
ship using SQMSESSID. We will change Squirrelmail to use PHPSESSID.
- Run the Squirrelmail configuration script:
    cd /path/to/squirrelmail
    ./configure
- Set General Options -> PHP session name to PHPSESSID
Second, we need a link within Squirrelmail to take advantage of the fact that
direct links to xlogin.php from authenticated sessions pass through unfettered
by the Maia login process. Here is what I do to "integrate" Maia into
Squirrelmail:
- Download my Squirrelmail plugin, HTML Inject: html_inject-1.0.0-1.4.x.tar.gz (other Squirrelmail Plugins)
- Install the plugin according to the directions.
- Edit the plugin's setup.php file to add a link within Squirrelmail to Maia's xlogin.php file. For example:
    // Emit a menu link to Maia's xlogin.php that opens in a new window
    function inject_menuline() {
        echo "<a href=\"http://url/to/maia/xlogin.php\" target=\"new\">Maia</a>\n";
    }
You should now have a link within Squirrelmail that opens up the Maia welcome
page in a new window. Leave off the target specification to open it in the
right frame. You can also be quite creative with Apache aliases and the
inject_menuline function using displayInternalLink to get a very slick addition
to the top menu bar, especially if using graphical buttons (which is what I
do). Even if you want to skip the Maia patch, this is still quite handy just as
a link to Maia.
Future Direction
Obviously, if this seems palatable, it would be nice to have this kind of setup
work with more than just LDAP. I just have not had the time to really work on
anything else, and LDAP is what I use on our site.
It would be REALLY nice if there was some kind of Squirrelmail plugin, along
the lines of Amavisnewsql, or possibly using the Spam Buttons plugin, so that
users can click off spam/ham and free quarantine items right in the main
Squirrelmail interface. I believe the Maia Roadmap's outline of a headless API
would go a long way towards making this much more possible. That is obviously
a much larger undertaking, and this simple setup suffices for me for the time
being.
Criticism, suggestions, derision, welcome. :)