[Dovecot] Re: LDAP authenticated bind support

Angel Marin anmar at gmx.net
Thu Dec 29 11:50:22 EET 2005


J.M. Maurer escribió:
> Recently at Better.be we implemented LDAP authenticated bind support for
> dovecot. A patch against CVS HEAD is attached.
> I have not tested it against all possible configurations one can use,
> but the basic operation seems to be right.
> As documented in the patch, it adds one new option to the
> dovecot-ldap.conf configuration file:
>   # Set "auth_bind" to "yes" if you want to use "authenticated binds"
>   # as a login validation mechanism. NOTE: the pass_attrs option
>   # will (naturally) be ignored if you enable this
>   auth_bind = yes
> Authenticated bind support is implemented asynchronously. This involves
> 2 asynchronous calls: the first being 'ldap_search' to find the dn to
> bind against and the second being the actual 'ldap_bind' call.
> I'd love to hear some feedback on this.

Great work!

It'd be nice to have also a 'fastbind' implementation. It would avoid 
the 'ldap_search' call on environments where the dn is predictable and 
you don't need extra search capabilities.

Then the user_filter setting can be used as the template dn, which once 
expanded (%u, %d, ...) you have the dn do the 'ldap_bind' call.

An example of this can be found in saslauthd.

> Regards,
>   Marc Maurer
>   Better.be B.V.

Angel Marin

More information about the dovecot mailing list