Quoting Claudio Jeker <[EMAIL PROTECTED]>:

> If you can not trust your network (backbone) you should move the ldap
> server.

Guess you haven't heard. There is no such thing as a secure network!

If it runs TCP/IP, then it's insecure. Using any means necessary to
sure the transmission of data is a good thing.

> Use e.g. a secure replication to all mailservers.

Replication to all mailservers? Do you mean 'secure replication of LDAP
data to all mailservers'? So? SSL/TLS/SASL is good. It's secure.

Why not accept the SSL/TLS/SASL patch and let people decide for
themselves!? Don't shove your idea of 'secure networks' down MY throat.

> For every mail and auth_request a new connection has to be setup to the
> ldap server.

Again, so? If people want this, it is possible to give the people what
they want, why not GIVE the people what they want? If you disagree, that's
your right, but for those that don't agree with you, let them decide for
themselves!

> The tls/ssl connection overhead would delay everything and
> cause a tremendous load on the mail server and the ldap server because of
> the many short requests.

Have you tried!?!? I have! I've been running this live on my system for
about 1-1.5 years now. No problem (whatsoever!). The load is minimal,
timeouts are very low. I'm two-three mails / sec slower than an original Qmail
system!
-- 
arrangements domestic disruption fissionable genetic PLO 767 smuggle
killed South Africa spy tritium KGB pits Ft. Meade AK-47
[See http://www.aclu.org/echelonwatch/index.html for more about this]
