[tpop3d-discuss] ldap virtual auth plugin : near release

Chris Lightfoot chris at ex-parrot.com
Thu, 21 Feb 2002 14:13:03 +0000


On Thu, Feb 21, 2002 at 02:46:37PM +0100, Prune wrote:
    [...]
> I subscribed to this list 2 years ago. I'm not an LDAP expert, I learn from
> what I see and hear. Most tools that implement LDAP act like this:
> 
> -> bind as a privileged user
> or  
> -> bind anonymously
> -> search for attribute
> -> get result attributes
>    -> re-bind as user
>    or
>    -> compare userPassword with the one supplied by the user
> 
> Some tools offer both, some do not...
> I don't think one way is better than another...

FWIW, the Apache auth_ldap appears to use the search/bind
model. It seems like a reasonable idea to me (as a total
LDAP neophyte), I suppose. It would be nice to implement
both, I guess. I may look at doing that.

Presumably you can set ACLs so that (say) the email
address and name of a user are publicly available, but
another attribute -- a password hash, say -- is available
only to the administrator and the user as whom the POP
server binds to the server?

-- 
 One of the lessons of history is that nothing is often
 a good thing to do -- and always a clever thing to say
 (Will Durant)
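
An added example, not part of the original message or of tpop3d: a small in-memory Python model of the two flows listed above (search then re-bind, search then compare) under the kind of ACL the message asks about. The directory entry, the DNs, the `POP_DN` service account and the unsalted SHA-256 stand-in for the password hash are all constructed for illustration.

```python
import hashlib, hmac

# Constructed sample entry: DN -> attributes (not real data).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "uid": "alice", "mail": "alice@example.com",
        "userPassword": hashlib.sha256(b"correct horse").hexdigest(),
    },
}
POP_DN = "cn=pop3,ou=services,dc=example,dc=com"  # hypothetical service account
PUBLIC_ATTRS = {"uid", "mail"}                     # readable by any client

def digest(password):
    return hashlib.sha256(password.encode()).hexdigest()

def can_read(bound_dn, entry_dn, attr):
    # ACL: public attributes for everyone, the hash only for self or POP_DN.
    if attr in PUBLIC_ATTRS:
        return True
    return bound_dn is not None and bound_dn in (entry_dn, POP_DN)

def search(bound_dn, uid, want):
    # Return (dn, attributes visible to bound_dn) for the entry with this uid.
    for dn, attrs in DIRECTORY.items():
        if attrs["uid"] == uid:
            return dn, {a: attrs[a] for a in want if can_read(bound_dn, dn, a)}
    return None, {}

def bind(dn, password):
    # Server-side check: the hash never leaves the directory.
    stored = DIRECTORY.get(dn, {}).get("userPassword")
    return stored is not None and hmac.compare_digest(stored, digest(password))

def auth_search_bind(uid, password):
    # Anonymous search for the DN, then re-bind as that user.
    if not password:
        # A simple bind with an empty password is an anonymous bind on real
        # servers and can report success, so the client must reject it.
        return False
    dn, _ = search(None, uid, ["uid"])
    return dn is not None and bind(dn, password)

def auth_compare(bound_dn, uid, password):
    # Search as bound_dn, fetch userPassword, compare it in the client.
    _, attrs = search(bound_dn, uid, ["userPassword"])
    stored = attrs.get("userPassword")
    if stored is None:  # the ACL hid the hash from this identity
        return False
    return hmac.compare_digest(stored, digest(password))
```

With this ACL the search/bind flow works from an anonymous search, while the compare flow works only when the client is bound as an identity that is allowed to read the hash.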