[JDEV] Simple LDAP Authentication

mark at mjwilcox.com mark at mjwilcox.com
Tue Apr 24 18:58:00 CDT 2001


I haven't seen the module in question so I can't specifically tell you 
how to go about fixing it. 

There isn't a technical reason why plaintext and LDAP 
authentication can't work. We did it for xdb_ldap for Jabber 1.0.
The LDAP library simply must make an ldap_bind() call with the 
user's DN and password. 

However, that will only solve the authentication issue. I don't know 
of an LDAP module that stores everything (ie filters, presence, 
rosters) in LDAP. Until we get all of this information moved from 1 
file per user into a database, the limitations will exist. The easiest 
temporary hack to xdb_file would be to enable users to be stored in 
directories according to username
ie:
a --> all usernames start with a
b --> .. with b
....

I know this is how the cyrus IMAP server gets around the 32K 
directory limitation. 

It does look like that some help may arrive with the xdb_java stuff.

Mark

On 24 Apr 01, at 18:58, Mark Cheverton wrote:

> mark at mjwilcox.com wrote:
> > 
> > Sorry, I may have rushed to judgement, but I still think that
> > totally reinventing the wheel is always the wrong the thing to do. I
> > didn't mean to insinuate what you did was silly or stupid, but that
> > there is a right way and a wrong way to do LDAP authentication.
> > 
>  Can I just insert in here a question I didnt really get an answer to,
> using yet another ldap module in contrib:
> 
>         I've just been playing with the C&W ldap xdb module which
>         works
> very
> well with 1.4. Unfortunatly my ldap DB has passwords stored as MD5
> hashes and so the digest or plaintext method will not work. Is there
> any plans to work with this kind of scheme (I dont really see a way
> roud it unless you want to abandon the concat with the session key or
> bind directly to the ldap server for auth which aint good) or should I
> just plan on storing a plain text password specifically for jabber?
> 
> -Mark
> -- 
> Mark Cheverton aka [MORAT]Ennui				http://morat.net/
> Morat Games						ICQ: 42123856
> 
>     Free hosting for clans including discussion boards, email etc. If
>     you need hosting for your clan with all the gaming extras see
>     http://clans.morat.net/hosting.phtml
> 
>                        --+++ Less Lag More Frag +++--
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
> 
> 


Mark Wilcox
mark at mjwilcox.com
Got LDAP?




More information about the JDev mailing list