On Wed, 2003-02-19 at 20:06, Timo Sirainen wrote:> Dovecot's LDAP support currently requires that it can read the
> userPassword field of every user. I'm not sure if I should support
> "authentication binds" that seems to be more standard way to do
LDAP
> authentication. That's just slower, works only with plaintext
> authentication and makes my code more complex.
authentication binds are the only "across the board" method for
authenticating users i know of. yes, they are slow. suppose i'm
authenticating against active directory. i know of no way to expose the
userPassword attribute in ad. personally, i wouldn't go near ad, but i
don't really have much of a choice in the matter. at best, you could
probably get compare rights. authentication binds mean i can support
whatever hashing mechanism my ldap server supports without exposing the
value itself.
d!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20030219/7ae22e9e/attachment-0003.bin>