Claudio Jeker ([EMAIL PROTECTED]) wrote:
>
> If you can not trust your network (backbone) you should move the ldap
> server. Use e.g. a secure replication to all mailservers.
> For every mail and auth_request a new connection has to be setup to the
> ldap server. The tls/ssl connection overhead would delay everything and
> cause a tremendous load on the mail server and the ldap server because of
> the many short request.

This is the optimum solution and I agree about the overhead, however it is nice to leave the decisions about security and how much load is acceptable to the user of the software.

> The complete rework of the qldap-ldaplib is on my todo list. The problem
> is that I haven't worked with ldap for long time and so it will take some
> time.

Did you look at my patch to qldap-ldaplib? I would like to be able to contribute to the project and not just add further fragmentation with patch upon patch. There aren't more than 5 function calls from libldap that are required for Qmail-LDAP, and with the exception of TLS the Sun ONE/iPlanet/Netscape and OpenLDAP 2.x function names are identical. This is a really great software (patch), but from time to time it needs to be modernized (LDAPv2->LDAPv3, for one).

Best Regards,
-- Mike
