On Mon, 2001-11-26 at 18:12, Vincent Frison wrote: > Hi, > > I'm confusing with LDAP authentification in Ev wich seems to be based > just on the mail attribut.. im using OpenLDAP for testing on my > localhost and im really not an LDAP hacker, but the only way to make an > authentification _seems_ to be with the DN attribut (without considering > domain restrictions). If not what's the magic line in slapd.conf?
Evolution does do authentication based on DNs, but the current scheme doesn't rely on the user typing in the DN (which most users would rather not remember)... So, we query on the email address they supply and get the DN for the matching entry, and authenticate based on that. The same scheme that netscape uses (and I think OE, but I'm not completely sure...) There have been enough complaints from people that don't want to (or can't) enable anonymous read access on their ldap servers and/or want to authenticate vs. entries that don't have email addresses though, that I'm thinking we'll need a way to allow the user to specify the raw DN if they need to. > BTW, everthing works perfect if i grant write access to *, but i would > consider it as a temporary configuration ;] Hmm, things should work without blanket write access - evolution assumes you have it once you authenticate, but it should work even with more restrictive access (you'll just get dialogs saying evolution was unable to create/modify/delete cards). Chris _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution