hi all 2 Questions : thx for this great software, who replace my imap and pop3 server when it
how not using the authentication bind feature of ldap server ? i rewrite checkpassword-ldap recently to use in bincimap server, and it take 3 lines to do this, so i don't understand how you don't use it. it is more powerful and more secure than retrieve pasword from the base and use crypto api to compare it.
is the dovecot server support the IMAPdir feature like bincimap or not ?
support that :)
Vr.
On Fri, 2004-06-18 at 04:10, Hervé Commowick - NewSports wrote:
- how not using the authentication bind feature of ldap server ? i rewrite checkpassword-ldap recently to use in bincimap server, and it take 3 lines to do this, so i don't understand how you don't use it. it is more powerful and more secure than retrieve pasword from the base and use crypto api to compare it.
When I originally wrote the LDAP code I didn't really know about authentication binds. Later I once tried to write support for them but got tired and didn't finish it.
dovecot-auth tries to do everything inside one process (it's fast). Making auth binds is a bit more difficult to do in non-blocking way.
I've thought about adding checkpassword support for dovecot-auth actually. For now you could support auth binds with PAM and pam-ldap module.
- is the dovecot server support the IMAPdir feature like bincimap or not ?
No, at least not yet. It's pretty nice format, but for being named IMAPdir I think it should have been designed to be 100% IMAP-compatible.
The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic when it has to rename subfolders. Also renaming INBOX can be problematic to implement atomically (the INBOX must never be lost).
Pretty much the only way to do this with UNIX would be to use real directories to implement hierarchies rather than a special '.' separator in file/directory name. I wonder why Andreas didn't do this.
Timo Sirainen wrote:
On Fri, 2004-06-18 at 04:10, Hervé Commowick - NewSports wrote:
- how not using the authentication bind feature of ldap server ? i rewrite checkpassword-ldap recently to use in bincimap server, and it take 3 lines to do this, so i don't understand how you don't use it. it is more powerful and more secure than retrieve pasword from the base and use crypto api to compare it.
When I originally wrote the LDAP code I didn't really know about authentication binds. Later I once tried to write support for them but got tired and didn't finish it.
dovecot-auth tries to do everything inside one process (it's fast). Making auth binds is a bit more difficult to do in non-blocking way.
I've thought about adding checkpassword support for dovecot-auth actually. For now you could support auth binds with PAM and pam-ldap module.
ok for this :) i'll try to implement this, when i've time, i'll provide patch if i find an issue.
- is the dovecot server support the IMAPdir feature like bincimap or not ?
No, at least not yet. It's pretty nice format, but for being named IMAPdir I think it should have been designed to be 100% IMAP-compatible.
The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic when it has to rename subfolders. Also renaming INBOX can be problematic to implement atomically (the INBOX must never be lost).
i don't understand as well, i'll try to find document about that.
Pretty much the only way to do this with UNIX would be to use real directories to implement hierarchies rather than a special '.' separator in file/directory name. I wonder why Andreas didn't do this.
IMAPdir use real directory to implement hierarchy, if i create a folder, it is created in IMAPdir directory like that : IMAPdir \_INBOX \_TestFolder
so the IMAPdir use real directory and not special '.' separator...
Hervé.
On Tue, 2004-06-22 at 11:47, Hervé Commowick - NewSports wrote:
I've thought about adding checkpassword support for dovecot-auth actually. For now you could support auth binds with PAM and pam-ldap module.
BTW. 1.0-test21 has passdb checkpassword support. Still need userdb though.
No, at least not yet. It's pretty nice format, but for being named IMAPdir I think it should have been designed to be 100% IMAP-compatible.
The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic when it has to rename subfolders. Also renaming INBOX can be problematic to implement atomically (the INBOX must never be lost).
i don't understand as well, i'll try to find document about that.
It's not too bad, I just think the IMAPdir name is wrong in that case :)
Pretty much the only way to do this with UNIX would be to use real directories to implement hierarchies rather than a special '.' separator in file/directory name. I wonder why Andreas didn't do this.
IMAPdir use real directory to implement hierarchy, if i create a folder, it is created in IMAPdir directory like that : IMAPdir \_INBOX \_TestFolder
so the IMAPdir use real directory and not special '.' separator...
But when you create a folder under TestFolder? That's created as "TestFolder.SubFolder" in the root dir, not as "TestFolder/SubFolder". At least that's how bincimap.org web page explains it.
Timo Sirainen wrote:
On Tue, 2004-06-22 at 11:47, Hervé Commowick - NewSports wrote:
I've thought about adding checkpassword support for dovecot-auth actually. For now you could support auth binds with PAM and pam-ldap module.
BTW. 1.0-test21 has passdb checkpassword support. Still need userdb though.
great. but checkpassword program does not split the userdb and the passdb so how it is implemented ? :)
No, at least not yet. It's pretty nice format, but for being named IMAPdir I think it should have been designed to be 100% IMAP-compatible.
The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic when it has to rename subfolders. Also renaming INBOX can be problematic to implement atomically (the INBOX must never be lost).
i don't understand as well, i'll try to find document about that.
It's not too bad, I just think the IMAPdir name is wrong in that case :)
i think so, ok.
Pretty much the only way to do this with UNIX would be to use real directories to implement hierarchies rather than a special '.' separator in file/directory name. I wonder why Andreas didn't do this.
IMAPdir use real directory to implement hierarchy, if i create a folder, it is created in IMAPdir directory like that : IMAPdir \_INBOX \_TestFolder
so the IMAPdir use real directory and not special '.' separator...
But when you create a folder under TestFolder? That's created as "TestFolder.SubFolder" in the root dir, not as "TestFolder/SubFolder". At least that's how bincimap.org web page explains it.
that's right..... it's ridiculous, why use real directory for top level and '.' separator for the other ....
thanks.
Hervé
On Tue, Jun 22, 2004 at 11:21:00AM +0200, Herv? Commowick - NewSports wrote:
that's right..... it's ridiculous, why use real directory for top level and '.' separator for the other ....
In courier-imap I think it's so that the quota file can be found when delivering directly to a folder.
Maildir/ -- contains maildirsize (quota calculation info) Maildir/.foo -- contains maildirfolder (zero bytes) Maildir/.foo.bar -- contains maildirfolder (zero bytes)
When you deliver to a Maildir, if you find a file 'maildirfolder' in it, then you move up to the parent directory to find the quota file.
If it were arranged as
Maildir/foo/bar
then you would need to know that you'd have to go up *two* levels to find the quota file.
Regards,
Brian.
On 22.6.2004, at 12:21, Hervé Commowick - NewSports wrote:
BTW. 1.0-test21 has passdb checkpassword support. Still need userdb though.
great. but checkpassword program does not split the userdb and the passdb so how it is implemented ? :)
That's exactly why userdb isn't implemented yet, because currently Dovecot requires that they work separately. The checkpassword passdb would have to store the returned user info so userdb lookup could later get it.
participants (3)
-
Brian Candler
-
Hervé Commowick - NewSports
-
Timo Sirainen