[Dovecot] Re: LDAP authenticated bind support

Angel Marin anmar at gmx.net
Thu Dec 29 11:50:22 EET 2005


Hi,

J.M. Maurer wrote:
> Recently at Better.be we implemented LDAP authenticated bind support for
> dovecot. A patch against CVS HEAD is attached.
> 
> I have not tested it against all possible configurations one can use,
> but the basic operation seems to be right.
> 
> As documented in the patch, it adds one new option to the
> dovecot-ldap.conf configuration file:
> 
>   # Set "auth_bind" to "yes" if you want to use "authenticated binds"
>   # as a login validation mechanism. NOTE: the pass_attrs option
>   # will (naturally) be ignored if you enable this
>   auth_bind = yes
> 
> Authenticated bind support is implemented asynchronously. This involves
> 2 asynchronous calls: the first being 'ldap_search' to find the dn to
> bind against and the second being the actual 'ldap_bind' call.
> 
> I'd love to hear some feedback on this.

Great work!

It'd also be nice to have a 'fastbind' implementation. It would avoid 
the 'ldap_search' call in environments where the dn is predictable and 
you don't need extra search capabilities.

Then the user_filter setting can be used as the template dn; once it is 
expanded (%u, %d, ...) you have the dn to do the 'ldap_bind' call.

An example of this can be found in saslauthd.

> Regards,
>   Marc Maurer
>   Better.be B.V.

Regards,
-- 
Angel Marin
http://anmar.eu.org/
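
The template-DN expansion proposed in the message above, as an added example that is not part of the original post or of Dovecot's or saslauthd's code: it expands %u and %d and escapes RFC 4514 special characters so that a login name cannot change the structure of the DN passed to the bind. The function name fastbind_dn, the reading of %u as the full login name and %d as the part after '@', and the sample template are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Append val at out[len], escaping RFC 4514 DN specials; new length or -1. */
static int append_escaped(char *out, size_t cap, size_t len, const char *val)
{
    size_t n = strlen(val);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)val[i];
        int edge = (i == 0 && (c == ' ' || c == '#')) || (i == n - 1 && c == ' ');
        if (c < 0x20 || c == 0x7f) return -1;   /* refuse control characters */
        if (edge || strchr("\"+,;<>\\=", c) != NULL) {
            if (len + 1 >= cap) return -1;
            out[len++] = '\\';
        }
        if (len + 1 >= cap) return -1;          /* keep room for the NUL */
        out[len++] = (char)c;
    }
    return (int)len;
}

/* Expand %u and %d in a DN template; 0 on success, -1 on bad input/overflow. */
int fastbind_dn(const char *tmpl, const char *user, char *out, size_t cap)
{
    const char *at = strchr(user, '@');
    size_t len = 0;
    if (cap == 0 || *user == '\0') return -1;   /* never bind with an empty name */
    for (const char *p = tmpl; *p; p++) {
        if (*p == '%' && (p[1] == 'u' || p[1] == 'd')) {
            int r = append_escaped(out, cap, len, p[1] == 'u' ? user : (at ? at + 1 : ""));
            if (r < 0) return -1;
            len = (size_t)r;
            p++;                                /* skip the variable letter */
        } else {
            if (len + 1 >= cap) return -1;
            out[len++] = *p;                    /* literal template character */
        }
    }
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char dn[256];  /* constructed template and hostile login name */
    if (fastbind_dn("uid=%u,ou=people,dc=example,dc=org", "bob,ou=admins", dn, sizeof dn) == 0)
        puts(dn);
    return 0;
}
```

A simple bind with a valid DN and an empty password is treated by LDAP servers as an unauthenticated bind (RFC 4513), so the caller should reject empty passwords before binding with the DN this produces.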


