Re: [tpop3d-discuss] ldap virtual auth plugin : near release

[Prune]

hi,

Chris Lightfoot wrote:
> On Mon, Feb 18, 2002 at 05:08:52PM +0100, Prune wrote:
>     [ auth-ldap stuff ]
>
> I've been workin on integrating this-- there are a couple
> of things I'm not happy with in the existing code, for
> instance the use of fixed-length buffers, which I'm
> changing, but in the meantime, I have a couple of
> questions:
>
>   - Firstly, can you give me some example data against
>     which the plugin should be able to authenticate (in
>     LDIF format or whatever). I'm not very familiar with
>     LDAP and it's not quite clear to me what the code is
>     expecting to find in the directory.
>   
my test user is :
  
 more ~/ldapbrowser/toto.ldif
dn: uid=toto, ou=users, ou=copain2000.com, dc=lecentre, dc=net
sn: totoo
userPassword:: dG90bw==
uidNumber: 10000
gidNumber: 6
mail: address@hidden
objectClass: inetOrgPerson
objectClass: mailRecipient
uid: toto
cn: toto
maildrop: /var/mail/test1/
> > /* auth_mysql_new_user_pass */
> >
> > authcontext auth_mysql_new_user_pass(const char *user, const char *pass, const char *host /* unused */) {
> >   authcontext a = NULL;
> >   char *local_part = NULL;
> >   const char *domain;
> >   char *filter = NULL;
> >       
>     [...]
> >     /* we split the login and the domain from the email style login given by the user */
> >     domain = user + strcspn(user, "@%!");
> >     if (domain == user || !*domain) return NULL;
> >     ++domain;
> >     local_part = xmalloc(domain - user);
> >     if (!local_part) return NULL;
> >     memset(local_part, 0, domain - user);
> >     strncpy(local_part, user, domain - user - 1);
> >         
>
>   - Secondly, you never use the domain in constructing the
>     query against the directory. How do you specify the
>     existence of accounts in more than one domain?
>         
you're right.
I search for the email address (unique, containing the domain). I use 'user'
to build ldap filter. 'user' is the mail+domain or whatever is typed by the
user.
Maybe my search is not what people may want.
In the config file you can choose which attribut to search against. the 'login'
given by the user is stored in 'user'.
Ldap does not work as a DB do. you don't search for 'user=foo AND domain=bar.com'.
The domain is contained in the DN, and can't really be searched. but instead
we use unique attributs like email, or uid.
        
        
My problem, by now, is that you have to give a login with a '@', or you'll
be treated as a 'lier!' :)
maybe some people would like to have logins as 'toto%domain' or "toto_domain_com".
This is not actually possible... (old netscape does not allow @ in usernames,
for example).
I think it's the same problem with other plugins ?
        
Release the new tpop3d, and I'll work on this. it's simple to change.
Maybe you would like to have access to my test ldap server ?
> I think I understand broadly what your code does, though,
> so I should be able to finish integrating it and do
> another pre-release within the next few days.
>
>           
Fine. I'll then modify some few things, and it will be ready.
          
Cheers,
Prune