[tpop3d-discuss] ldap virtual auth plugin : near release

Chris Lightfoot chris at ex-parrot.com
Thu, 21 Feb 2002 10:57:00 +0000


On Thu, Feb 21, 2002 at 11:48:44AM +0100, Prune wrote:
    [...]
> >Ah, OK. Is this the normal procedure with LDAP? I had
> >understood that you were expected to build hierarchical
> >directories....
> >
> This is hierarchical.
> You go down to the directory and seek for the user DN having the 
> attribute requested in the search filter.
> Then you get his DN. The DN is unique. It's your duty to make the search 
> filter to find a unique entry.

Ah-- OK.

> >Is LDAP case-sensitive?
> >
> Globally no. It can be changed or depend on which attribute you're 
> requesting. But, no. Search filters are not case sensitive.

OK.

> >You establish whether the user has credentials on the
> >mailbox by seeing whether they can bind (roughly
> >equivalent to `log in', right?) to the LDAP server. Is
> >this the normal approach? (I had assumed that one would
> >have an attribute which contains a password hash -- as
> >auth-mysql does -- and then test that explicitly.)
> >
> You can do both. Getting the password and testing is the "old way" of 
> doing. At least, I think....
    [...]
> You have to understand that a bind is something really common with LDAP. 
> It's a built-in feature. It checks against the "userPassword" attribute.

Fair enough. If this is widespread practice, I don't mind
limiting the authenticator in this way.

> >>Release the new tpop3d, and I'll work on this. It's simple to change.
> >>Maybe you would like to have access to my test ldap server ?
> >>
> >
> >I have OpenLDAP up and running, but if you could send me
> >(not to the list I think...) twenty or so account
> >specifications in the form above, that would be helpful.
> >
> I don't have 20 accounts to send you :)
> But you can simply modify some attributes of the one before...
> Make your .ldif and add it.

Fine-- I'll do that :)

> If not yet done, try gq (gnome or kde ldap browser, don't remember) or 
> ldapbrowser, a java browser, very useful.

Ooh. Graphical user interfaces. Cool[1].

    ---
    1. (I'm not much of a graphical user interface person,
       myself.)

-- 
 God is a comedian, playing to an audience that's too afraid to laugh.
 (Voltaire)