Bug#347659: [Pkg-Cyrus-imapd-Debian-devel] Bug#347659: please discuss patch for ldap authentification (Kolab)

Sven Mueller cyrus at incase.de
Thu Jan 12 19:48:04 UTC 2006


Henrique de Moraes Holschuh wrote on 12/01/2006 01:05:
> On Wed, 11 Jan 2006, Steffen Joeris wrote:
> 
>>This is the ldap authentication patch for cyrus.
>>As far as I know it enables the ldap authentication.
>>Kolab uses ldap for all user information.
> 
> [...]
> 
>>-{ "virtdomains", "off", ENUM("off", "userid", "on") }
>>+{ "virtdomains", "off", ENUM("off", "userid", "ldap", "on") }
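
Review bot: the "ldap" value added on the + line comes with no description of what it selects, so the change should carry documentation of how virtdomains behaves in that mode alongside the existing "off", "userid" and "on" choices. It is also placed between "userid" and "on" rather than at the end of the ENUM; if anything relies on the position of the existing values, appending it would avoid shifting "on". The default remains "off" on both lines, so the new mode only takes effect when a configuration opts in.
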
> 
> THAT I didn't like at all.  If it is an authz module, it should have been
> plugged to the ptloader.  Looks more like a hack to the vir. domain system.

From what I saw in the patch, it uses the LDAP userid (uid field) to
look up the primary email address of the user. It then returns that
email address canonified for authentication (i.e. the user logs in with
his uid, but mail is stored and passwords looked up in sasl according to
his primary email address).

Besides thinking that the patch is somewhat incomplete (it doesn't
handle alternate addresses at all AFAICT), I don't see how it could harm
normal cyrus operation.

> If kolab touched that, the chances of us taking the patches have decreased
> to close to zero.  I do NOT want people doing such things that 2.3 will
> NEVER support.

Well, I don't really see how to map LDAP uids (which are normally also
login names for servers/workstations) to email addresses (on which cyrus
operates). The only alternative would be to not use vdomains in cyrus and
use the MTA to deliver mails to any of the mail addresses of a user to
<uid>.
However, I would definitely like to see some solution for this.

> We might need a cyrus-kolab package that has the patches applied, and to
> keep the rest of cyrus "pure"...

As I already said in a different mail: I would personally not want to
get my hands dirty on a cyrus-kolab package if it includes the patches
which remove or weaken some of the sanity checks cyrus normally does.
Those are just asking for trouble. Apart from such patches, I would like
to incorporate as much of the cyrus-kolab patches into the main cyrus as
reasonable though.

cu,
sven




