Hi all,

2 questions:

- Why not use the authentication bind feature of the LDAP server? I rewrote checkpassword-ldap recently to use with the bincimap server, and it takes 3 lines to do this, so I don't understand why you don't use it. It is more powerful and more secure than retrieving the password from the base and using a crypto API to compare it.

- Does the dovecot server support the IMAPdir feature like bincimap or not?

Thx for this great software, which will replace my IMAP and POP3 server when it supports that :)

Vr.

On Fri, 2004-06-18 at 04:10, Hervé Commowick - NewSports wrote:
> - how not using the authentication bind feature of ldap server ?
> i rewrite checkpassword-ldap recently to use in bincimap server, and it
> take 3 lines to do this, so i don't understand how you don't use it.
> it is more powerful and more secure than retrieve password from the base
> and use crypto api to compare it.

When I originally wrote the LDAP code I didn't really know about authentication binds. Later I once tried to write support for them but got tired and didn't finish it.

dovecot-auth tries to do everything inside one process (it's fast). Making auth binds is a bit more difficult to do in a non-blocking way.

I've thought about adding checkpassword support for dovecot-auth actually. For now you could support auth binds with PAM and the pam-ldap module.

> - is the dovecot server support the IMAPdir feature like bincimap or not ?

No, at least not yet. It's a pretty nice format, but for being named IMAPdir I think it should have been designed to be 100% IMAP-compatible.

The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic when it has to rename subfolders. Also renaming INBOX can be problematic to implement atomically (the INBOX must never be lost).

Pretty much the only way to do this with UNIX would be to use real directories to implement hierarchies rather than a special '.' separator in file/directory name. I wonder why Andreas didn't do this.

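The RENAME problem described in the message above, shown as an added example that is not part of the original thread and is not Dovecot or bincimap code. The folder names and the Maildir++-style flat layout are constructed for illustration. It records what a concurrent reader, or a process restarting after a crash, would see after each rename() call.

```python
import os
import tempfile

def rename_flat(root, old, new):
    """Rename a folder in a '.'-separated flat layout (Maildir++ style).

    Every subfolder carries the parent's name as a prefix, so each one needs
    its own rename() call. Returns the listing observed after each call.
    """
    states = []
    for name in sorted(os.listdir(root)):
        if name == old or name.startswith(old + "."):
            os.rename(os.path.join(root, name),
                      os.path.join(root, new + name[len(old):]))
            states.append(sorted(os.listdir(root)))
    return states

def rename_nested(root, old, new):
    """Rename a folder stored as a real directory tree: one rename() call."""
    os.rename(os.path.join(root, old), os.path.join(root, new))
    return [sorted(os.listdir(root))]

def is_consistent(listing, old, new):
    """True when the hierarchy is entirely under the old name or the new one."""
    under = lambda p: any(n == p or n.startswith(p + ".") for n in listing)
    return not (under(old) and under(new))

def demo():
    # Constructed sample hierarchy: Work / Work.Projects / Work.Projects.2004
    with tempfile.TemporaryDirectory() as tmp:
        flat = os.path.join(tmp, "flat")
        for name in (".Work", ".Work.Projects", ".Work.Projects.2004"):
            os.makedirs(os.path.join(flat, name))
        flat_states = rename_flat(flat, ".Work", ".Archive")

        nested = os.path.join(tmp, "nested")
        os.makedirs(os.path.join(nested, "Work", "Projects", "2004"))
        nested_states = rename_nested(nested, "Work", "Archive")
        return flat_states, nested_states

if __name__ == "__main__":
    flat_states, nested_states = demo()
    for s in flat_states:
        ok = is_consistent(s, ".Work", ".Archive")
        print(s, "consistent" if ok else "HALF-RENAMED")
    print(nested_states[0], "consistent (single rename)")
```
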
Timo Sirainen wrote:
> On Fri, 2004-06-18 at 04:10, Hervé Commowick - NewSports wrote:
>
>> - how not using the authentication bind feature of ldap server ?
>> i rewrite checkpassword-ldap recently to use in bincimap server, and it
>> take 3 lines to do this, so i don't understand how you don't use it.
>> it is more powerful and more secure than retrieve password from the base
>> and use crypto api to compare it.
>
> When I originally wrote the LDAP code I didn't really know about
> authentication binds. Later I once tried to write support for them but
> got tired and didn't finish it.
>
> dovecot-auth tries to do everything inside one process (it's fast).
> Making auth binds is a bit more difficult to do in a non-blocking way.
>
> I've thought about adding checkpassword support for dovecot-auth
> actually. For now you could support auth binds with PAM and the pam-ldap
> module.

OK for this :) I'll try to implement this when I have time; I'll provide a patch if I find an issue.

>> - is the dovecot server support the IMAPdir feature like bincimap or not ?
>
> No, at least not yet. It's a pretty nice format, but for being named
> IMAPdir I think it should have been designed to be 100% IMAP-compatible.
>
> The problem is that with IMAPdir (and Maildir++) RENAME isn't atomic
> when it has to rename subfolders. Also renaming INBOX can be problematic
> to implement atomically (the INBOX must never be lost).

I don't understand as well, I'll try to find a document about that.

> Pretty much the only way to do this with UNIX would be to use real
> directories to implement hierarchies rather than a special '.' separator
> in file/directory name. I wonder why Andreas didn't do this.

IMAPdir uses real directories to implement the hierarchy; if I create a folder, it is created in the IMAPdir directory like this:

    IMAPdir
     \_INBOX
     \_TestFolder

so IMAPdir uses real directories and not a special '.' separator...

Hervé.