[Dovecot] Re: LDAP authenticated bind support
anmar at gmx.net
Thu Dec 29 11:50:22 EET 2005
J.M. Maurer escribió:
> Recently at Better.be we implemented LDAP authenticated bind support for
> dovecot. A patch against CVS HEAD is attached.
> I have not tested it against all possible configurations one can use,
> but the basic operation seems to be right.
> As documented in the patch, it adds one new option to the
> dovecot-ldap.conf configuration file:
> # Set "auth_bind" to "yes" if you want to use "authenticated binds"
> # as a login validation mechanism. NOTE: the pass_attrs option
> # will (naturally) be ignored if you enable this
> auth_bind = yes
> Authenticated bind support is implemented asynchronously. This involves
> 2 asynchronous calls: the first being 'ldap_search' to find the dn to
> bind against and the second being the actual 'ldap_bind' call.
> I'd love to hear some feedback on this.
It'd be nice to have also a 'fastbind' implementation. It would avoid
the 'ldap_search' call on environments where the dn is predictable and
you don't need extra search capabilities.
Then the user_filter setting can be used as the template dn, which once
expanded (%u, %d, ...) you have the dn do the 'ldap_bind' call.
An example of this can be found in saslauthd.
> Marc Maurer
> Better.be B.V.
More information about the dovecot