Index: doc/dovecot-ldap.conf =================================================================== RCS file: /home/cvs/dovecot/doc/dovecot-ldap.conf,v retrieving revision 1.13 diff -c -r1.13 dovecot-ldap.conf *** doc/dovecot-ldap.conf 30 Dec 2005 15:43:38 -0000 1.13 --- doc/dovecot-ldap.conf 1 Jan 2006 11:29:41 -0000 *************** *** 21,26 **** --- 21,27 ---- # Use authentication binding for verifying password's validity. This works by # logging into LDAP server using the username and password given by client. # NOTE: pass_attrs option will (naturally) be ignored if you enable this. + # NOTE: fast bind option listed below #auth_bind = no # LDAP protocol version to use. Likely 2 or 3. *************** *** 75,77 **** --- 76,88 ---- # If the UID/GID is still found from LDAP reply, it overrides these values. #user_global_uid = #user_global_gid = + + # Use authentication binding for verifying password's validity. This works by + # logging into LDAP server using the username and password given by client. + # This option does not search. It builds the DN with the userdn variable + # listed below. 
+ #fast_bind = yes + + #user_dn (substitutes the %u, etc as listed in the user_filter) + #userdn = cn=%u,ou=people,o=org + Index: src/auth/db-ldap.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/db-ldap.c,v retrieving revision 1.34 diff -c -r1.34 db-ldap.c *** src/auth/db-ldap.c 30 Dec 2005 15:43:41 -0000 1.34 --- src/auth/db-ldap.c 1 Jan 2006 11:29:41 -0000 *************** *** 33,39 **** --- 33,41 ---- DEF(SET_STR, uris), DEF(SET_STR, dn), DEF(SET_STR, dnpass), + DEF(SET_STR, userdn), DEF(SET_BOOL, auth_bind), + DEF(SET_BOOL, fast_bind), DEF(SET_STR, deref), DEF(SET_STR, scope), DEF(SET_STR, base), *************** *** 52,58 **** --- 54,62 ---- MEMBER(uris) NULL, MEMBER(dn) NULL, MEMBER(dnpass) NULL, + MEMBER(userdn) NULL, MEMBER(auth_bind) FALSE, + MEMBER(fast_bind) FALSE, MEMBER(deref) "never", MEMBER(scope) "subtree", MEMBER(base) NULL, Index: src/auth/db-ldap.h =================================================================== RCS file: /home/cvs/dovecot/src/auth/db-ldap.h,v retrieving revision 1.17 diff -c -r1.17 db-ldap.h *** src/auth/db-ldap.h 30 Dec 2005 15:43:41 -0000 1.17 --- src/auth/db-ldap.h 1 Jan 2006 11:29:41 -0000 *************** *** 15,21 **** --- 15,23 ---- const char *uris; const char *dn; const char *dnpass; + const char *userdn; int auth_bind; + int fast_bind; const char *deref; const char *scope; const char *base; Index: src/auth/passdb-ldap.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/passdb-ldap.c,v retrieving revision 1.39 diff -c -r1.39 passdb-ldap.c *** src/auth/passdb-ldap.c 30 Dec 2005 17:55:48 -0000 1.39 --- src/auth/passdb-ldap.c 1 Jan 2006 11:29:41 -0000 *************** *** 292,297 **** --- 292,337 ---- } static void + ldap_verify_plain_fastbind(struct auth_request *auth_request, + struct ldap_request *ldap_request) + { + struct passdb_module *_module = auth_request->passdb->passdb; + struct passdb_ldap_request 
*passdb_ldap_request = + (struct passdb_ldap_request *)ldap_request; + struct ldap_passdb_module *module = + (struct ldap_passdb_module *)_module; + struct ldap_connection *conn = module->conn; + const struct var_expand_table *vars; + string_t *str; + const char *dn; + int msgid; + + vars = auth_request_get_var_expand_table(auth_request, ldap_escape); + + str = t_str_new(512); + var_expand(str, conn->set.userdn, vars); + dn = p_strdup(auth_request->pool, str_c(str)); + + ldap_request->callback = handle_request_authbind; + ldap_request->context = auth_request; + + msgid = ldap_bind(conn->ld, dn, auth_request->mech_password, + LDAP_AUTH_SIMPLE); + + if (msgid == -1) { + i_error("ldap_bind() fast_bind failed: %s", ldap_get_error(conn)); + passdb_ldap_request->callback. + verify_plain(PASSDB_RESULT_INTERNAL_FAILURE, + auth_request); + return; + } + + /* Bind started */ + auth_request_ref(auth_request); + hash_insert(conn->requests, POINTER_CAST(msgid), ldap_request); + } + + static void ldap_verify_plain_authbind(struct auth_request *auth_request, struct ldap_request *ldap_request) { *************** *** 341,347 **** ldap_request = p_new(request->pool, struct passdb_ldap_request, 1); ldap_request->callback.verify_plain = callback; ! if (conn->set.auth_bind) ldap_verify_plain_authbind(request, &ldap_request->request); else ldap_lookup_pass(request, &ldap_request->request); --- 381,389 ---- ldap_request = p_new(request->pool, struct passdb_ldap_request, 1); ldap_request->callback.verify_plain = callback; ! if (conn->set.fast_bind) ! ldap_verify_plain_fastbind(request, &ldap_request->request); ! else if (conn->set.auth_bind) ldap_verify_plain_authbind(request, &ldap_request->request); else ldap_lookup_pass(request, &ldap_request->request);
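Review bot: ldap_verify_plain_fastbind() hands auth_request->mech_password to ldap_bind() without checking for an empty string. A simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513 section 5.1.2) that some servers answer with success, and handle_request_authbind would presumably report that as a verified password unless an earlier layer already rejects empty passwords. The function also expands conn->set.userdn unchecked, and its default in db-ldap.c is NULL, so `fast_bind = yes` without `userdn` reaches var_expand() with a NULL template; a guard for both cases is sketched below. Separately, the DN is built with ldap_escape, which is not visible here; if it is the search-filter escaper, it does not cover DN metacharacters such as `,`, `+` and `=`, so %u would need a DN-specific escaper.

```c
	struct ldap_connection *conn = module->conn;
	/* … unchanged: remaining declarations … */

	if (conn->set.userdn == NULL) {
		i_error("ldap: fast_bind is enabled but userdn is not set");
		passdb_ldap_request->callback.
			verify_plain(PASSDB_RESULT_INTERNAL_FAILURE,
				     auth_request);
		return;
	}
	if (*auth_request->mech_password == '\0') {
		/* DN + empty password is an unauthenticated bind; a server
		   may report success without checking any credential */
		passdb_ldap_request->callback.
			verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH,
				     auth_request);
		return;
	}

	/* … unchanged: var_expand of userdn, ldap_bind call, request registration … */
```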
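Review bot: The new `if (conn->set.fast_bind)` branch silently takes precedence over auth_bind, and nothing at the point of choice says what is given up. The config text in this patch says fast_bind does not search, so any restriction an administrator expresses through a search filter (pass_filter, if the deployment uses one to exclude accounts) would not be applied on this path: every entry the userdn template resolves to that can bind is accepted. I would state that above the branch, e.g. `/* fast_bind wins over auth_bind; no search is done, so search filters and pass_attrs are not applied */`, and repeat the caveat next to `#fast_bind` in doc/dovecot-ldap.conf. The enclosing function starts and ends outside the hunk.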