|
From: | Prune |
Subject: | Re: [tpop3d-discuss] ldap virtual auth plugin : near release |
Date: | Thu, 21 Feb 2002 11:48:44 +0100 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 |
this is hierarchical./* auth_mysql_new_user_pass */
authcontext auth_mysql_new_user_pass(const char *user, const char *pass,
const char *host /* unused */) {
authcontext a = NULL;
char *local_part = NULL;
const char *domain;
char *filter = NULL;[...]/* we split the login and the domain from the email style login given
by the user */
domain = user + strcspn(user, "@%!");
if (domain == user || !*domain) return NULL;
++domain;
local_part = xmalloc(domain - user);
if (!local_part) return NULL;
memset(local_part, 0, domain - user);
strncpy(local_part, user, domain - user - 1);- Secondly, you never use the domain in constructing the
query against the directory. How do you specify the
existence of accounts in more than one domain?you're right.
I search for the email address (unique, containing the domain). I use
'user' to build ldap filter. 'user' is the mail+domain or whatever is
typed by the user.
Ah, OK. Is this the normal procedure with LDAP? I had
understood that you were expected to build heirachical
directories....
globally no. It can be changed or depend on which attribute you're requesting. but, no. search filters are not case sensitive.
Is LDAP case-sensitive?
You can do both. getting the password and testing is the "old way" of doing. At least, I think....
You establish whether the user has credentials on the
mailbox by seeing whether they can bind (roughly
equivalent to `log in', right?) to the LDAP server. Is
this the normal approach? (I had assumed that one would
have an attribute which contains a password hash -- as
auth-mysql does -- and then test that explicitly.)
I don't have 20 accounts to send you :)Release the new tpop3d, and I'll work on this. it's simple to change.
Maybe you would like to have access to my test ldap server ?
I have OpenLDAP up and running, but if you could send me
(not to the list I think...) twenty or so account
specifications in the form above, that would be helpful.
[Prev in Thread] | Current Thread | [Next in Thread] |