On Mon, Jul 02, 2001 at 11:55:32AM -0400, Dan Melomedman wrote:
> On Sun, Jul 01, 2001 at 10:19:28PM +0200, Henning Brauer wrote:
> > Well, this is much too complicated and error-prone IMHO. I don't like the
> > idea of "virtual pop3 servers". Our mail machines have 2 to 5 IPs each while
> > the webhosting ones have a few hundred.
> Please elaborate. There are many ways to implement virtual servers,
> including simply binding your pop3 server to an IP alias (this again,
> shouldn't be needed in a well-implemented server with support for
> virtual domains, which qmail-ldap claims to be). What's needed
> is a way to search for mail=user@domain, where domain is looked up from
> somewhere.
and this "somewhere" is the problem IMHO.
I don't really like the idea of logging in using the email address' local
part only.
> auth-pop3 could take a path as an argument to where to look for
> @domain part for starters. This however requires you to run a separate
> pop3d per every virtual server, which in itself is not an ideal way to
> do it.
So we are back to "1 IP per (virtual) domain". Which requires a) a lot of
IPs and b) an IP-to-domain mapping file (or tons of qpop3d processes).
> An ideal way, IMO is to look at the client's IP address, match
> it, and append appropriate @domain for LDAP search.
Come on. I don't know which client IP belongs to which virtual domain. If
you have roaming users (except staff we don't have another user type...)
this is simply impossible.
> Heck, this can even
> be done in tcpserver by setting an environment variable $DOMAIN or
> something like that. Just how error prone would this be?
doesn't work very often...
> > I thought about adding "(|(mail=[supplied
> > uid])(mailalternateaddress=[supplied uid]))" to the search string. This way
> > users could just login using their email address. We all know that there are
> > clients out not allowing @ in the username - they are stupid, ignore them,
> > kick them, burn them, whatever ;-)) they can still log in using their "real"
> > uid. the modification should be fairly easy.
> Different attributes for smtp and pop3 authentication are stupid.
Huh?? smtp authentication? stock qmail-ldap doesn't have this feature.
I never talked about different auth attributes. If the mail and
mailalternateaddress attributes are valid login ids they should be valid
everywhere of course.
Greetings
Henning
--
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)