[tpop3d-discuss] LDAP module for tpop3D (and virtual domains)

Paul Makepeace Paul.Makepeace at realprogrammers.com
Fri, 1 Feb 2002 17:07:06 -0800


On Sat, Feb 02, 2002 at 01:53:07AM +0100, Prune wrote:
>    Hi,
>    Almost done...
>    I have to be fresh tomorrow so I'm going to sleep.
>    I'm currently porting the auth_mysql to auth_ldap, this way :
>    having :
>    auth_ldap_host : hostname
>    auth_ldap_port : port (389)
>    -> this will go to auth_ldap_url = "ldap://localhost:389", for example.
>    (as soon as I have time)
>    auth_ldap_base_dn :    ex : "dc=society, dc=com"
>    auth_ldap_login : login for admin auth
>    auth_ldap_pass : password of admin
>    auth_ldap_maildrop_attr : attribute containing where to put the mail
>    (ex : maildrop)
>    auth_ldap_mail_attr : attribute on which we do the search  (ex : mail)
>    auth_ldap_uid_attr : the uid of the owner
>    first, we connect to LDAP and bind as admin

The most obvious thing I would say is not to perform mail-related
searches as admin, if by admin you mean LDAP root. By default, LDAP is
an unencrypted protocol and you really don't want to expose your root,
nor put yourself in the position of making a mistake and damaging your
database. Further, your ACLs are not taking effect with the
admin/root user.

If by admin you mean some ordinary user with different ACLs, then
disregard the above :-)

>    then, we search for the DN of the requested mail, and all attributes
>    of the mail
>    We finally bind as the user (with the provided password... this is how
>    LDAP does auth)
>    if the bind is successful, we return attributes

I'm curious why you bind twice?

>    Do you have any LDAP experience yet?

http://paulmakepeace.com/resume_detail.html#slb.com altho' it's
certainly been a while...

If you're going to use LDAP URL format, you could consider putting the
rest of the information like base dn, authentication, port etc, in
there. LDAP URL format looks rather ugly but it's at least well known.

Paul

-- 
Paul Makepeace ....................................... http://paulm.com/

"What is the best dessert you've ever had? Many (very small) bags of
 gravel."
   -- http://paulm.com/toys/surrealism/
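
Added example, not part of the original message or of tpop3d: a parser for the LDAP URL layout suggested in the reply (host, port, base DN, attributes, scope, filter and the RFC 2255 `bindname` extension in one string), with a check that flags a bind DN configured over unencrypted `ldap://`. The sample URL is constructed; the `cn=pop3` bind DN is a hypothetical non-root service account.

```python
from urllib.parse import urlsplit, unquote

# "ldaps" is a de facto scheme for LDAP over TLS, not part of the LDAP URL RFC.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample: host, port and base DN reuse the values quoted in the
# message; the bind DN "cn=pop3,..." is a hypothetical non-root account.
SAMPLE = ("ldap://localhost:389/dc=society,dc=com"
          "?mail,maildrop,uid?sub?(mail=*)"
          "?bindname=cn=pop3%2Cdc=society%2Cdc=com")


def parse_ldap_url(url):
    """Split ldap://host:port/dn?attrs?scope?filter?extensions into a dict."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % (url,))
    # Everything after the first '?' lands in .query; the LDAP fields inside
    # it are themselves '?'-separated and positional.
    fields = parts.query.split("?") + [""] * 4
    attrs, scope, filt, exts = fields[:4]
    extensions = {}
    for ext in filter(None, exts.split(",")):
        name, _, value = ext.partition("=")
        # A leading '!' marks an extension as critical; drop the marker here.
        extensions[name.lstrip("!").lower()] = unquote(value)
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope or "base",                      # default scope
        "filter": unquote(filt) or "(objectClass=*)",  # default filter
        "extensions": extensions,
    }


def sends_bind_dn_in_cleartext(cfg):
    """True when a bind DN is set and the scheme is plain ldap.

    StartTLS cannot be expressed in the URL, so it is not considered here.
    """
    return cfg["scheme"] == "ldap" and "bindname" in cfg["extensions"]


if __name__ == "__main__":
    cfg = parse_ldap_url(SAMPLE)
    print(cfg)
    print("cleartext bind:", sends_bind_dn_in_cleartext(cfg))
```

Commas inside the `bindname` value have to be percent-encoded as `%2C`, because a bare comma separates extensions.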