[tpop3d-discuss] ldap virtual auth plugin : near release

Prune prune at lecentre.net
Mon, 18 Feb 2002 15:44:11 +0100


Hi,

sorry for being so slow... I was ill.

So.....
the plugin is finally finished. I just need to clear things like logs 
and be sure no memory leaks stay around.
I added many things in the configuration file, so everything is 
customisable:

   "auth-ldap-username" : manager username to bind to ldap
   "auth-ldap-password" : manager's password
   "auth-ldap-mail-user" : predefined username to chown to when forking
   "auth-ldap-mail-group" : predefined group to chgrp to when forking
   "auth-ldap-filter-attr" : attribute to compare to the mail account
   "auth-ldap-filter-addon" : some more attributes a user would like to 
add to the filter
   "auth-ldap-url" : ldap url formatted string giving host, port and base 
DN of the ldap server
   "auth-ldap-use-TLS" : on/off, activate TLS (encryption of data 
between the pop and the ldap server)
   "auth-ldap-mailbox-attr" : ldap attribute to return as mailbox path 
(defaults to "maildrop", but must be changed to "mailbox" according to the RFCs)
   "auth-ldap-uid-attr" : ldap attribute to return as uid when pop3d 
forks (if not defined in "auth-ldap-mail-user")
   "auth-ldap-gid-attr" : ldap attribute to return as gid when pop3d 
forks (if not defined in "auth-ldap-mail-group")


What it does:

-do auth against an ldap server
-get the location of the mailbox (or maildir) from LDAP
-get the uid/gid of the mailbox from LDAP

What it needs: openldap 2.x (not tested with any other ldap SDK). 
Your openldap must support TLS if you want to be able to use this function.

How it works:
-the way tpop3d deals with mailbox types is not the same as postfix does. 
This plugin has been developed for using tpop3d with postfix:
    postfix's virtual delivery agent gets the mailbox path from ldap like 
:  "/var/mail/virtuals/user1/"
    the / at the end means it is a maildir format.
    tpop3d wanted it like "maildir:/var/mail/virtuals/user1"
   
    As the mysql plugin forces a "bsd" mailbox, I chose to make my 
ldap plugin check the last char of the mailbox path.
    So the plugin works in postfix's way.

-the apop function is not (yet) integrated. In fact it seems to be the 
same as the normal pop. Am I right?

-the server connects only once. If the connection ends, it will be 
re-opened the next time someone tries to authenticate.
    -I'll check to see how to do asynchronous searches, so multiple 
requests could be done at a time.

-the server can only use one server. I would like to add support for 
multi server and failover.

Finally:


-who would like to test?
-who (chris?) will plainly add my module to the distrib?
    for now I can give auth_ldap.c and auth_ldap.h. We need to modify 
the makefile to add -I/-L and -lldap for the openldap libs.

For testing, at the moment, the files are still named "auth_mysql.c", the Makefile is 
changed by hand, but everything works fine.

who wants to integrate it into the actual pre-release?

Thanks,


Prune



chris: I would like to know what the difference is between the "home" 
and the "mailbox" in an authcontext? My plugin returns the same, as users 
are only present in the LDAP, and not in the system's password file....