Re: [Evolution] Evolution LDAP authentification

From: Chris Toshok <toshok ximian com>
To: Vincent Frison <turman ohmforce com>
Cc: evolution ximian com
Subject: Re: [Evolution] Evolution LDAP authentification
Date: 26 Nov 2001 18:48:00 -0700

On Mon, 2001-11-26 at 18:12, Vincent Frison wrote:

Hi,

I'm confusing with LDAP authentification in Ev wich seems to be based
just on the mail attribut.. im using OpenLDAP for testing on my
localhost and im really not an LDAP hacker, but the only way to make an
authentification _seems_ to be with the DN attribut (without considering
domain restrictions). If not what's the magic line in slapd.conf?


Evolution does do authentication based on DNs, but the current scheme
doesn't rely on the user typing in the DN (which most users would rather
not remember)... So, we query on the email address they supply and get
the DN for the matching entry, and authenticate based on that.  The same
scheme that netscape uses (and I think OE, but I'm not completely
sure...)

There have been enough complaints from people that don't want to (or
can't) enable anonymous read access on their ldap servers and/or want to
authenticate vs. entries that don't have email addresses though, that
I'm thinking we'll need a way to allow the user to specify the raw DN if
they need to.

BTW, everthing works perfect if i grant write access to *, but i would
consider it as a temporary configuration ;]


Hmm, things should work without blanket write access - evolution assumes
you have it once you authenticate, but it should work even with more
restrictive access (you'll just get dialogs saying evolution was unable
to create/modify/delete cards).

Chris

Follow-Ups:
- Re: [Evolution] Evolution LDAP authentification
  - From: Yatin Chawathe

References:
- [Evolution] Evolution LDAP authentification
  - From: Vincent Frison

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]