[Dovecot] LDAP Bind
Hervé Commowick - NewSports
hervec at sports.fr
Tue Jun 22 11:47:16 EEST 2004
Timo Sirainen wrote:
>On Fri, 2004-06-18 at 04:10, Hervé Commowick - NewSports wrote:
>>- how not using the authentication bind feature of ldap server ?
>>i rewrite checkpassword-ldap recently to use in bincimap server, and it
>>take 3 lines to do this, so i don't understand how you don't use it.
>>it is more powerful and more secure than retrieve pasword from the base
>>and use crypto api to compare it.
>When I originally wrote the LDAP code I didn't really know about
>authentication binds. Later I once tried to write support for them but
>got tired and didn't finish it.
>dovecot-auth tries to do everything inside one process (it's fast).
>Making auth binds is a bit more difficult to do in non-blocking way.
>I've thought about adding checkpassword support for dovecot-auth
>actually. For now you could support auth binds with PAM and pam-ldap
ok for this :)
i'll try to implement this, when i've time, i'll provide patch if i find
>>- is the dovecot server support the IMAPdir feature like bincimap or not ?
>No, at least not yet. It's pretty nice format, but for being named
>IMAPdir I think it should have been designed to be 100% IMAP-compatible.
>The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic
>when it has to rename subfolders. Also renaming INBOX can be problematic
>to implement atomically (the INBOX must never be lost).
i don't understand as well, i'll try to find document about that.
>Pretty much the only way to do this with UNIX would be to use real
>directories to implement hierarchies rather than a special '.' separator
>in file/directory name. I wonder why Andreas didn't do this.
IMAPdir use real directory to implement hierarchy, if i create a folder,
it is created in IMAPdir directory like that :
so the IMAPdir use real directory and not special '.' separator...
More information about the dovecot