[rt-users] LDAP solution that works

Robert Paskowitz rpaskowitz at michener.ca
Tue Aug 17 08:39:55 EDT 2004


The need for a second LDAP server just doesn't exist within the building. We actually do have multiple LDAP servers running, but each is a mirror, as they are all brought up by eDirectory on NetWare machines.

I managed to implement the IMAP authentication, and it was dirt simple. I used the existing code for the LDAP authentication, and just popped in a few IMAP lines.

Bringing up a second LDAP server would simplify the authentication (no recursive searching for the context), which is already perfected (as much as can be) for our other uses. Unfortunately, even if we implemented the second LDAP server, we would still need the IMAP service up to authenticate fully external entities that cannot authenticate against eDirectory.

I plan to clean up my code a bit and post the IMAP authentication; hopefully some other people may find it useful.

Robert

>>> Carl Makin <carl at xena.IPAustralia.gov.au> 08/16/04 19:48 PM >>>
Hi Robert,
Sorry for taking so long to reply.

Robert Paskowitz wrote:

>take off because of some complexities. Our users are stored in all levels of the tree, so a fairly bruteforce recursive check is needed, which is time consuming, wasteful, and doesn't always seem to work. Some of our 
>
How about bringing up another LDAP server with a more standard schema 
and populating it from the first at regular intervals?  Our primary LDAP 
server is actually populated from several different sources, some of 
them other LDAP servers with weird schemas (The PABX management server 
for instance) and NT/Active Directory groups.

You could also then get rid of the IMAP authentication as well.


Carl.




