On Wed, 2003-02-19 at 20:06, Timo Sirainen wrote:
Dovecot's LDAP support currently requires that it can read the userPassword field of every user. I'm not sure if I should support "authentication binds" that seems to be more standard way to do LDAP authentication. That's just slower, works only with plaintext authentication and makes my code more complex.
authentication binds are the only "across the board" method for authenticating users i know of. yes, they are slow. suppose i'm authenticating against active directory. i know of no way to expose the userPassword attribute in ad. personally, i wouldn't go near ad, but i don't really have much of a choice in the matter. at best, you could probably get compare rights. authentication binds mean i can support whatever hashing mechanism my ldap server supports without exposing the value itself.
d!