Fri, 10 Apr 2026 07:03:42 +0000 https://bugs.horde.org/ticket/12271 gollem ftp login performed while not needed Namely, while gollem application has 'active' registry status, horde tries to do ftp_login and user authorization even for those users who don't have gollem disk (and permission to use gollem). This leads to very long wait for horde screen display. ftp_login is called 8 times for one login (yes) and it makes some 30 seconds extra to wait for login. Horde registry initialization should only be performed for these applications which user has permission to use. Generally speaking, the reason is as follows: - for every active application, Horde_Registry->hasPermission is called in listApps() - hasPermission() makes isAuthenticated() check - isAuthenticated() tries transparent authentication - then callAppMethod() is called with 'noperms' => true - and finally Gollem_Auth performs ftp_login Until now application permissions, although defined, are not checked. Thu, 23 May 2013 13:03:24 +0000 https://bugs.horde.org/ticket/12271#t78193 > Until now application permissions, although defined, are not checked. This doesn't sound right. transparent authentication shouldn't require any application permission checks, since transparent auth does not require a user and, therefore, permission checks may be impossible. Example: gollem might have no permissions for guest users. But transparent authentication is setup so that, if connecting from a certain IP address, the user is automatically logged in. Obviously, we can't check for application permissions here or else transparent authentication would never occur. Seems to me that if you are seeing multiple failing transparent authentication requests to gollem, either 1) your config is wrong or 2) gollem's transparent authentication is incorrect. But I don't see any issue here with the registry's handling of authentication (maybe an optimization - failing authentication requests in a session can be cached - but that's not a bug). Fri, 24 May 2013 04:56:55 +0000 https://bugs.horde.org/ticket/12271#t78198 > Seems to me that if you are seeing multiple failing transparent > authentication requests to gollem, either 1) your config is wrong or This is of course possible although I can't see my fault. From my point of view the problem is as follows: user doesn't have permission to run gollem (i.e. there are individual users who have the read permission for gollem so I assume my test user doesn't have one). Nevertheless horde attempts to make ftp login using this user credentials (hordeauth = full) and it fails after several seconds. Ftp login attempt is tried several times and test user has to wait a minute or so for login which is not acceptable. In my opinion horde shouldn't attempt to ftp login while it is not needed because of lack of permission to do it. May I send you offline cachegrind.out trace of the case? Fri, 24 May 2013 05:43:11 +0000 https://bugs.horde.org/ticket/12271#t78199 > In my opinion horde shouldn't attempt to ftp login while it is not > needed because of lack of permission to do it. Maybe the solution is to check for application permissions when attempting transparent authentication *if* the user is already authenticated to Horde. Not sure if this is too broad or prevents a valid use case though. If so, this check can be done in an application that handles transparent authentication instead (imp, gollem). Fri, 24 May 2013 13:31:55 +0000 https://bugs.horde.org/ticket/12271#t78205 > your config is wrong Actually Michael was right. I didn't define all levels of permissions to gollem ftp disk (gollem:backends:ftp). Now it works correctly. You can close this issue. Thank you. Sat, 25 May 2013 12:19:20 +0000 https://bugs.horde.org/ticket/12271#t78220