[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Trying to get the ldapdb plugin working.
> -----Original Message-----
> From: Edward Rudd [mailto:eddie@omegaware.com]
> I will *try* to write up a howto on my setup this weekend,
Sounds good...
> and I've been helping Tarjei with this as well..
>
> Howard Chu,
> I am also looking at patching ldapdb to allow a "filter" per
> authentication
> service, so as to limit users to smtp or imap via a ldap
> attribute..
Hm. That seems like extra work. Why not just control this by presence or
absence of ldapdb in the SASL configuration for your smtp or imap servers?
> (ie. ldap_filter: (allowed_services=imap). I have the openldap
> 2.1.22 release of ldapdb and
> the CVS rev 1.6 release (which won't work correctly in my above
> setup, but that's another issue I'll track down later)..
The 2.1 ldapdb and the CVS revision have diverged, although I've just merged
the CVS version into the 2.1.23 candidate so they're unified again.
The 2.1 (old) ldapdb uses SASL Bind with Proxy Authorization to connect to
the LDAP server and then query it using LDAPwhoAmI. The new ldapdb uses SASL
Bind (without Proxy Authorization) and then LDAPwhoAmI with the
ProxyAuthorization Control. Both approaches require the slapd to have Proxy
Authorization properly configured, so I'm not sure why there would be any
difference in behavior.
> Do you have any
> suggestions where I should best add this "check" in the
> ldapdb plugin?
You'll have to add your filter attribute to the attrs array in
ldapdb_auxprop_lookup, so that it will be returned during the query. Probably
set a special index for it (like -1, or some other invalid value) in aindx so
that you can treat it specially. You should probably add a config keyword to
select what filter attribute it should use. We can talk about it off the list
if that's not clear.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support