Re: [Evolution] Evolution LDAP authentification

2001-11-27 Thread Yatin Chawathe

> Evolution does do authentication based on DNs, but the current scheme
> doesn't rely on the user typing in the DN (which most users would rather
> not remember)... So, we query on the email address they supply and get
> the DN for the matching entry, and authenticate based on that.  The same
> scheme that netscape uses (and I think OE, but I'm not completely
> sure...)

OE actually uses the DN to find the matching entry for authentication.

> There have been enough complaints from people that don't want to (or
> can't) enable anonymous read access on their ldap servers and/or want to
> authenticate vs. entries that don't have email addresses though, that
> I'm thinking we'll need a way to allow the user to specify the raw DN if
> they need to.

It would be helpful to have two modes of operation: the "regular user"
mode where they type in their email address for authentication, and
the "advanced user" mode which expects the raw DN.

I have actually been able to configure my LDAP server with limited
anonymous read access (only some of the fields in the authentication
record are publicly readable).  Of course this works only if there are
just a handful of users that have authenticated access.  Here is the
relevant portion of my slapd.conf:

# Allow access to the Manager record only to the Manager
access to dn="cn=Manager,dc=chawathe,dc=com"
        by self write
        by * none

# Allow everyone to read enough fields of the authentication record(s)
# to initiate the authentication process
# Many email/LDAP clients perform authentication based on the value of
# the "mail" entry in the authentication record. That's why they need
# read access to some of the entries in the record
access to dn="cn=Yatin Chawathe,dc=chawathe,dc=com"
        attr=entry,dn,objectClass,cn,mail
        by self write
        by * read

# Everyone needs auth permission for the record(s) as well
# This allows enough permission to verify
# the client's password
access to dn="cn=Yatin Chawathe,dc=chawathe,dc=com"
        by self write
        by * auth

# Evo needs permission to read this to access the schema
access to dn="cn=Subschema"
        by self write
        by * read

# The default access permissions
access to *
        by dn="cn=Manager,dc=chawathe,dc=com" write
        by dn="cn=Yatin Chawathe,dc=chawathe,dc=com" write
        by * none

Hope this helps,

Yatin



___
evolution maillist  -  [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution
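
The access rules in the message above, modelled as an added example (not part of the original post and not OpenLDAP code): a simplified first-match evaluator that shows what an anonymous client is granted on each record. It assumes DNs are compared as exact literal strings and that `None` stands for an anonymous bind; the function names are hypothetical.

```python
# Simplified model of slapd's first-match ACL evaluation for the rules posted
# above. Constructed for illustration; DN matching is exact-string (assumption).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
YATIN = "cn=Yatin Chawathe,dc=chawathe,dc=com"
MANAGER = "cn=Manager,dc=chawathe,dc=com"

# (target DN or "*", attribute set or None for all attributes, "by" clauses)
ACL = [
    (MANAGER, None, [("self", "write"), ("*", "none")]),
    (YATIN, {"entry", "dn", "objectclass", "cn", "mail"},
     [("self", "write"), ("*", "read")]),
    (YATIN, None, [("self", "write"), ("*", "auth")]),
    ("cn=Subschema", None, [("self", "write"), ("*", "read")]),
    ("*", None, [(MANAGER, "write"), (YATIN, "write"), ("*", "none")]),
]

def granted(bound_dn, entry_dn, attr):
    """Level given by the first rule matching entry and attribute.

    bound_dn is None for an anonymous client.
    """
    for target, attrs, clauses in ACL:
        if target not in ("*", entry_dn):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in clauses:
            is_self = who == "self" and bound_dn == entry_dn
            if who == "*" or is_self or who == bound_dn:
                return level
        return "none"  # rule matched but no "by" clause did: access denied
    return "none"

def can(bound_dn, entry_dn, attr, need):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted(bound_dn, entry_dn, attr)) >= LEVELS.index(need)

def anonymous_view(entry_dn, attrs):
    """Attributes an unauthenticated client can read on one entry."""
    return sorted(a for a in attrs if can(None, entry_dn, a, "read"))
```

For the posted rules, the anonymous search by `mail` can return `cn` and `mail` of the authentication record, while `userPassword` is usable only for the bind itself and every other entry stays hidden until the bind succeeds.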



[Evolution] Evolution in NY Times

2001-12-13 Thread Yatin Chawathe

Hi all,

I'm not sure if this is late news to folks on this list already, but
there is an article in the Circuits section of today's New York Times on
our very own Evo.  Here's the link to the article:

http://www.nytimes.com/2001/12/13/technology/circuits/13GEE3.html

You may need to register (for free) on the NY Times site before being
able to read the article.

Cheers!

Yatin






[Evolution] What are the plans for officially supporting LDAP auto-completion?

2002-01-21 Thread Yatin Chawathe

Hi,

Evolution seems to satisfy most of my requirements for an email
client.  The one thing that I cannot do satisfactorily is automatic
address completion from an LDAP server.  I maintain my entire personal
addressbook on an LDAP server (which works beautifully with evo's
capabilities for writing to LDAP servers).  I have added the
"unsupported" magic required to turn on LDAP auto-completion to my
config.xmldb.  But, it doesn't quite work flawlessly yet.  I know that
this is not a supported feature, but if one of the evo developers has
some insight into when they expect to be able to officially support
it, I'd love to know.

One of the problems I experience with the current LDAP address
completion setup is that it makes the address entry process seem
sluggish.  As far as I can tell, at some point while I am typing in an
address or name in the To: (or Cc:) field, evo goes out and queries
the LDAP server.  But that process seems non-deterministic, and at
least part of it seems to be a blocking operation since it causes the
entry field to stop accepting keystrokes for a brief period.  A
"better" (in my opinion :) method may be to query the LDAP server only
when the user presses an explicit key (such as  as in Netscape
Communicator, or Ctl-K in Outlook Express).  This isn't the most
elegant solution, but it prevents unnecessary queries to the server,
and allows the user to know explicitly whether the system is
interacting with the LDAP server or not.

Just my 2 cents...

Yatin





Re: [Evolution] LDAP autocomplete ...

2002-03-12 Thread Yatin Chawathe

Chris,

Thanks for the prompt response.

I do have an openldap server.  I installed it on my RedHat 7.2 system
using the RPM package shipped by RedHat.  I checked my configuration, it
had subinitial indices for cn and mail.  I turned on sub indices for cn
and displayName.  However, I still see quite long latencies.  After I
type in the substring/prefix, it takes anywhere between 6-15 seconds for
the window with expanded names to pop up.  While I am waiting, there is
no indication whether the LDAP server already returned a null result for
the query, or whether the query is still in progress.

Yatin


On Tue, 2002-03-12 at 13:13, Chris Toshok wrote:
> Do you have indexing turned on for the cn and mail fields?  evolution
> presently does a prefix search on mail and a substring search on cn, so
> "mail=foo*" and "cn=*foo*".  oh, and it also does a prefix search on
> displayName, so indexing that might help too.
> 
> Is this an openldap server?  by default the only indexing turned on for
> them is on objectClass.
> 
> Chris
> 
> > 
> > I tried the latest evolution snapshot.  The response time for evo to resolve
> > a name from the LDAP server as I type into the To: or Cc: boxes still seems
> > too long.  My LDAP server is one hop away on a local LAN from my evo client
> > machine.  I think part of the problem may be that there is no visual
> > indication that the application is still waiting for a response from the
> > LDAP server.  So the user has no idea as to what is actually going on.
> > 
> > The auto-completion for LDAP is great when it works smoothly and quickly.
> > But, its current latency is an issue for me.  I wish I could simply type in
> > a comma-separated list of portions of names or email addresses, and then
> > press a single key to expand all of those names/addresses from the LDAP
> > server.  Most often I have exactly one contact for each expansion and those
> > should be expanded without any further user intervention.  Currently, for
> > each address, I need to wait an indeterminate amount of time without
> > feedback as to whether the query to the LDAP server succeeded or not, then
> > use the Down arrow followed by the Return key to expand each of these
> > common-case addresses.  The single-key-press expansion would eliminate that,
> > and the UI could pop up a box or change the mouse cursor to a
> > watch/hourglass to indicate that it is checking the addresses against the
> > LDAP server.  In the few cases that there are multiple possible expansions,
> > evo could display all of the possibilities to allow the user to pick one as
> > it already does.  I use this feature very often with Outlook Express (press
> > Ctl-K to resolve addresses from the LDAP server) and would love to have it
> > in Evo as well.
> > 
> > I know that incorporating this instead of auto-completion would result in
> > conflicting user interfaces depending on whether you use a local Contacts
> > folder or an LDAP-based addressbook, but in my opinion, the latency of LDAP
> > servers justifies having this different UI.
> > 
> > Any thoughts?
> > 
> > Yatin
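
The index question in this exchange, worked through as an added example (not part of the original messages and not OpenLDAP or Evolution code): it parses slapd.conf `index` lines and reports which of the three completion filters Chris lists have no matching index. The `BEFORE` and `AFTER` fragments are constructed from Yatin's description of his configuration, and the function names are hypothetical.

```python
# Which of Evolution's completion filters can use an index, given slapd.conf
# "index" directives. Constructed example for illustration.
SHORTHAND = {"sub": {"subinitial", "subany", "subfinal"}}
EVOLUTION_FILTERS = ["mail=foo*", "cn=*foo*", "displayName=foo*"]  # per Chris

def parse_indexes(conf_text):
    """Map lower-cased attribute -> set of index types.

    Lines without an explicit type list are ignored in this sketch.
    """
    indexes = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].lower() != "index":
            continue
        types = set()
        for t in fields[2].lower().split(","):
            types |= SHORTHAND.get(t, {t})
        for attr in fields[1].lower().split(","):
            indexes.setdefault(attr, set()).update(types)
    return indexes

def needed_index(assertion):
    """Index type one 'attr=value' assertion needs: 'cn=*foo*' -> ('cn', 'subany')."""
    attr, value = assertion.split("=", 1)
    if value == "*":
        return attr.lower(), "pres"
    if "*" not in value:
        return attr.lower(), "eq"
    if "*" in value.strip("*"):
        raise ValueError("mixed substring patterns are not handled here")
    if value.startswith("*") and value.endswith("*"):
        return attr.lower(), "subany"
    return attr.lower(), "subinitial" if value.endswith("*") else "subfinal"

def unindexed(conf_text, assertions=EVOLUTION_FILTERS):
    """Assertions that would run without a usable index."""
    indexes = parse_indexes(conf_text)
    missing = []
    for a in assertions:
        attr, kind = needed_index(a)
        if kind not in indexes.get(attr, set()):
            missing.append(a)
    return missing

# Constructed fragments matching the configuration described in the message.
BEFORE = "index objectClass eq\nindex cn,mail subinitial\n"
AFTER = "index objectClass eq\nindex mail subinitial\nindex cn,displayName sub\n"
```

With `BEFORE`, the `cn=*foo*` and `displayName=foo*` searches have no usable index; with `AFTER`, all three do. Entries already in the database are not covered by a newly added index until it is rebuilt with `slapindex`.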






Re: [Evolution] LDAP autocomplete ...

2002-03-12 Thread Yatin Chawathe

On Tue, 2002-03-12 at 15:26, Chris Toshok wrote:

> Yeah, I'm pretty sure more is going on with the completion code..  I'll
> take a look - we also need to have it give status about queries in
> progress.

Are you at all considering an explicit-completion mode rather than
auto-completion, where the user explicitly controls whether and when the
LDAP server is queried e.g. by pressing a specific key combination?

How does the code currently determine when to send a query to the LDAP
server?  If I am typing "t o s h o k", does it send more and more
specific queries as I type each letter?

Thanks,
Yatin



