[patch]saslauthd+ldap+virtual_domains
Kervin L. Pierre
kervin at blueprint-tech.com
Mon Oct 14 19:31:09 EDT 2002
Thanks for the clarification,
How about an option to extract the domain context from %u for the search
base? ie. The option derive %d from %u instead of %r
I think there's an opportunity to greatly improve the search times. The
global search may have to go through hundreds of thousands of records,
while a more directed search may just be single scope search with a few
hundred records to look at.
Thanks,
--Kervin
Igor Brezac wrote:
>
> On Mon, 14 Oct 2002, Kervin L. Pierre wrote:
>
> >
> > Hi,
> >
> > attached is a patch to cyrus/saslauthd/lak.c to allow it to expand '%d'
> > macro in ldap_search_base option to the domain context derived from the
> > realm '%r'.
> >
> > eg.
> >
> > ldap_search_base: ou=people, %d
> > in saslauthd.conf
> >
> > if realm is 'domain.tld', the ldap search base will expand to
> > 'ou=people,dc=domain,dc=tld'
> >
> > Does imapd always provide the realm in a virtual server environment when
> > authenticating users? Is it safe to assume that the realm is
> > 'domain.tld' or more specifically the domain given to mkimap script?
> >
> > Is this correct/incorrect/unnecessary?
> >
>
> In most cases an organization will have one realm. Realms should not be
> confused with domains. In virtual domain setup, %u will look like
> username at domain.tld and unless you setup a realm, %r will be blank. So,
> %d is not necessary in this case.
>
More information about the Info-cyrus
mailing list