[dovecot] Re: 0.99.8-test7

David E. Storey dave at tamos.net
Thu Feb 20 05:10:58 EET 2003


On Wed, 2003-02-19 at 20:06, Timo Sirainen wrote:
> Dovecot's LDAP support currently requires that it can read the
> userPassword field of every user. I'm not sure if I should support 
> "authentication binds" that seems to be more standard way to do LDAP
> authentication. That's just slower, works only with plaintext
> authentication and makes my code more complex.

authentication binds are the only "across the board" method for
authenticating users i know of. yes, they are slow. suppose i'm
authenticating against active directory. i know of no way to expose the
userPassword attribute in ad. personally, i wouldn't go near ad, but i
don't really have much of a choice in the matter. at best, you could
probably get compare rights. authentication binds mean i can support
whatever hashing mechanism my ldap server supports without exposing the
value itself.

d!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20030219/7ae22e9e/attachment-0003.bin>


More information about the dovecot mailing list