Re: [tpop3d-discuss] ldap virtual auth plugin : near release

[Chris Lightfoot]

On Thu, Feb 21, 2002 at 10:01:48AM -0700, Ben Schumacher wrote:
> On Thu, 21 Feb 2002, Chris Lightfoot wrote:
>  [..snip..]
> > Presumably you can set ACLs so that (say) the email
> > address and name of a user are publically available, but
> > another attribute -- a password hash, say -- is available
> > only to the administrator and the user as whom the POP
> > server binds to the server?
> 
> This would be the advantage of the search then bind way of authenticating.
> You could do the search as a anonymous, or low-priv'd user. For example,
> for the sake of efficiency, you could add a user that is only used by
> tpop3d -- an application user. The application binds as that user and
> issues its search as normal, however, it will only receive results for
> users that are allowed to check their email via POP3. So, if you have a
> database of 1500 users, and only 100 of them are allowed to use POP3 to
> check email, then the tpop3d user (through ACLs) would only be allowed to
> return results from those 100.

OK, this sounds plausible. In that case, I won't bother
adding the other model of operation to the LDAP code....

-- 
 When our backs are against the wall we must turn round and fight
 (John Major)