[Dovecot] LDAP Bind

Timo Sirainen tss at iki.fi
Fri Jun 18 04:48:07 EEST 2004


On Fri, 2004-06-18 at 04:10, Hervé Commowick - NewSports wrote:
> - why not use the authentication bind feature of the LDAP server?
> I rewrote checkpassword-ldap recently to use in the bincimap server, and it 
> takes 3 lines to do this, so I don't understand how you don't use it.
> It is more powerful and more secure than retrieving the password from the base 
> and using a crypto API to compare it.

When I originally wrote the LDAP code I didn't really know about
authentication binds. Later I once tried to write support for them but
got tired and didn't finish it.

dovecot-auth tries to do everything inside one process (it's fast).
Making auth binds is a bit more difficult to do in a non-blocking way.

I've thought about adding checkpassword support for dovecot-auth
actually. For now you could support auth binds with PAM and the pam-ldap
module.

> - does the dovecot server support the IMAPdir feature like bincimap or not?

No, at least not yet. It's a pretty nice format, but for being named
IMAPdir I think it should have been designed to be 100% IMAP-compatible.

The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic
when it has to rename subfolders. Also renaming INBOX can be problematic
to implement atomically (the INBOX must never be lost).

Pretty much the only way to do this with UNIX would be to use real
directories to implement hierarchies rather than a special '.' separator
in the file/directory name. I wonder why Andreas didn't do this.
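
The atomicity difference described in the message above, as an added example that is not part of the original message or of Dovecot's code: with a '.'-separated flat layout a folder rename needs one rename() per subfolder, so an interruption leaves a half-renamed hierarchy, while real directories need a single rename(). The folder names, helper names and the `fail_after` crash simulation are constructed for illustration.

```python
import os
import tempfile

def flat_rename_plan(root, old, new):
    """List the (src, dst) renames a '.'-separated flat layout needs."""
    plan = []
    prefix = "." + old
    for name in sorted(os.listdir(root)):
        # Match the folder itself and its children, but not ".Workshop".
        if name == prefix or name.startswith(prefix + "."):
            plan.append((name, "." + new + name[len(prefix):]))
    return plan

def rename_flat(root, old, new, fail_after=None):
    """Apply the plan one rename() at a time.

    fail_after (hypothetical knob) simulates a crash after that many
    renames have completed. Returns True only if every step ran.
    """
    for done, (src, dst) in enumerate(flat_rename_plan(root, old, new)):
        if fail_after is not None and done == fail_after:
            return False
        os.rename(os.path.join(root, src), os.path.join(root, dst))
    return True

def rename_tree(root, old, new):
    """Real directories: one rename() moves the folder and all subfolders."""
    os.rename(os.path.join(root, old), os.path.join(root, new))

def demo():
    """Build both layouts (constructed sample data) and rename Work -> Archive."""
    with tempfile.TemporaryDirectory() as tmp:
        flat = os.path.join(tmp, "flat")
        tree = os.path.join(tmp, "tree")
        for d in (".Work", ".Work.2004", ".Work.2004.June"):
            os.makedirs(os.path.join(flat, d, "cur"))
        os.makedirs(os.path.join(tree, "Work", "2004", "June"))
        steps = len(flat_rename_plan(flat, "Work", "Archive"))
        completed = rename_flat(flat, "Work", "Archive", fail_after=1)
        rename_tree(tree, "Work", "Archive")
        return steps, completed, sorted(os.listdir(flat)), sorted(os.listdir(tree))

if __name__ == "__main__":
    print(demo())
```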
