On Sat, Feb 02, 2002 at 01:53:07AM +0100, Prune wrote:
Hi,
Almost done...
I have to be fresh tomorrow so I'm going to sleep.
I'm currently porting the auth_mysql to auth_ldap, this way :
having :
auth_ldap_host : hostname
auth_ldap_port : port (389)
-> this will go to auth_ldap_url = "ldap://localhost:389", for example.
(as soon as I have time)
auth_ldap_base_dn : ex : "dc=society, dc=com"
auth_ldap_login : login for admin auth
auth_ldap_pass : password of admin
auth_ldap_maildrop_attr : attribute containing where to put the mail
(ex : maildrop)
auth_ldap_mail_attr : attribute on which we do the search (ex : mail)
auth_ldap_uid_attr : the uid of the owner
first, we connect to LDAP and bind as admin
The most obvious thing I would say is not to perform mail-related
searches as admin, if by admin you mean LDAP root. By default, LDAP is
an unencrypted protocol and you really don't want to expose your root,
nor put yourself in the position of making a mistake and damaging your
database. Further, your ACLs are not taking effect with the
admin/root user.
If by admin you mean some ordinary user with different ACLs, then
disregard the above :-)
My mistake.... of course, I'll not use, personally, the "root" (or admin)
account. Only a privileged one, who can search the whole directory. Then...
as it's in the conf file, you do what you want... :)
Do you have LDAP experience yet?
http://paulmakepeace.com/resume_detail.html#slb.com altho' it's
certainly been a while...
If you're going to use LDAP URL format, you could consider putting the
rest of the information like base dn, authentication, port etc, in
there. LDAP URL format looks rather ugly but it's at least well known.
of course, I'll put everything I can in there... :)
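
Added example, not part of the original thread and not the project's code: a Python sketch of how the separate auth_ldap_* settings could be read out of a single LDAP URL (RFC 4516 layout), with a check for the two bind risks raised above. The bind DN "cn=mailsearch,...", the root DN passed to the check and the mail address are constructed sample values; the password has no standard place in the URL and is assumed to stay in auth_ldap_pass.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: hostname, port, base DN and attribute names follow the
# thread; the bind DN "cn=mailsearch,..." and the address are made up.
SAMPLE_URL = ("ldap://localhost:389/dc=society,dc=com?mail,maildrop?sub"
              "?(mail=user@society.com)"
              "?bindname=cn=mailsearch%2cdc=society%2cdc=com")

def parse_ldap_url(url):
    """Split ldap://host:port/dn?attrs?scope?filter?extensions (RFC 4516)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Up to four '?'-separated fields follow the DN; absent ones are empty.
    attrs, scope, filt, exts = (parts.query.split("?") + [""] * 4)[:4]
    extensions = {}
    for ext in filter(None, exts.split(",")):
        name, _, value = ext.partition("=")
        # A leading '!' marks an extension as critical; commas are %2c-encoded.
        extensions[name.lstrip("!").lower()] = unquote(value)
    tls = parts.scheme == "ldaps"
    return {
        "encrypted": tls,
        "host": parts.hostname or "localhost",
        "port": parts.port or (636 if tls else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope or "base",                      # RFC default
        "filter": unquote(filt) or "(objectClass=*)",  # RFC default
        "bind_dn": extensions.get("bindname"),
    }

def bind_issues(cfg, root_dn):
    """Flag the two risks raised in the thread. root_dn is supplied by the
    caller; DN comparison here is a simple case/space-insensitive match."""
    norm = lambda dn: dn.replace(" ", "").lower()
    issues = []
    if cfg["bind_dn"] and not cfg["encrypted"]:
        issues.append("ldap:// bind is sent in clear text unless StartTLS is used")
    if cfg["bind_dn"] and norm(cfg["bind_dn"]) == norm(root_dn):
        issues.append("bind DN is the directory root; ACLs will not apply")
    return issues

if __name__ == "__main__":
    cfg = parse_ldap_url(SAMPLE_URL)
    print(cfg)
    print(bind_issues(cfg, root_dn="cn=Manager,dc=society,dc=com"))
```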