[Dovecot] LDAP configuration
Hello, I've just installed dovecot to replace courier-imap and I've found out it didn't support some of the typical LDAP userPassword schemes, so I've written some based on OpenSSL API. Furthermore I noticed that the MD5 one seems broken. If it isn't a requirement to ship its own implementation of a crypto algorithm, I would send in a patch to replace schema checks with those based on libcrypto.
I also noticed that if I try connecting to an account that doesn't contain a real maildir (es. maildir:%h/.mail, but .mail doesn't exist), the imap segv's. I suppose it would be cool to ship a maildirmake program and have imap use it whenever necessary, if a flag allows it to do so.
Giacomo Cariello, jwk@bug.it KeyID: 3072/1024/0x409C9044 Fingerprint: 7984 10FD 0460 4202 BF90 3881 CDE4 D78E 409C 9044
"Put that mic in my hand and let me kick out the jams!" - MC5
On Tue, Feb 17, 2004 at 09:05:20PM +0100, Giacomo Cariello wrote:
I've just installed dovecot to replace courier-imap and I've found out it didn't support some of the typical LDAP userPassword schemes, so I've written some based on OpenSSL API. Furthermore I noticed that the MD5 one seems broken. If it isn't a requirement to ship its own implementation of a crypto algorithm, I would send in a patch to replace schema checks with those based on libcrypto.
Any overlap with the LDAP MD5/SMD5 handler at http://www.roughtrade.net/dovecot/ ?
Personally I prefer that Dovecot does its own crypto. I like Timo's buffer libraries, and using external libs would weaken that; you might as well go use Cyrus SASL.
- Joshua.
-- Joshua Goodall "as modern as tomorrow afternoon" joshua@roughtrade.net - FW109
At 23.03 17/02/2004, you wrote:
On Tue, Feb 17, 2004 at 09:05:20PM +0100, Giacomo Cariello wrote:
I've just installed dovecot to replace courier-imap and I've found out it didn't support some of the typical LDAP userPassword schemes, so I've written some based on OpenSSL API. Furthermore I noticed that the MD5 one seems broken. If it isn't a requirement to ship its own implementation of a crypto algorithm, I would send in a patch to replace schema checks with those based on libcrypto.
Any overlap with the LDAP MD5/SMD5 handler at http://www.roughtrade.net/dovecot/ ?
Whoops. This url deserves to make it to the Wiki ;-) Well, I worked primarily on SHA / SSHA, so no, it's not an overlap, however I suppose it would be cool to import that MD5 handler.
Personally I prefer that Dovecot does its own crypto. I like Timo's buffer libraries, and using external libs would weaken that; you might as well go use Cyrus SASL.
IMHO, cyrus SASL sucks for what regards "code quality", so it'd be even worse than using OpenSSL API.
Giacomo Cariello, jwk@bug.it
KeyID: 3072/1024/0x409C9044 Fingerprint: 7984 10FD 0460 4202 BF90 3881 CDE4 D78E 409C 9044
"Put that mic in my hand and let me kick out the jams!" - MC5
participants (2)
-
Giacomo Cariello
-
Joshua Goodall