[Web-cyradm] LDAP accounts / authentication

Mikko Toivola mikko.cwa at pikkasenkuti.com
Wed Oct 4 21:59:35 CEST 2006 

On 4.10.2006, at 5:46, Ted Targosz wrote:

> well, i certainly agree with your concept. I very much wanted to  
> have a
> "pure" LDAP for authentication when I set up my company's cyrus server
> last year, but since it was my first implementation of web- 
> cyradmin , I
> decided to go with the simple, default arrangement (everything in  
> mysql)
> and no LDAP...

That Is indeed the easiest way, but it shouldn't be too hard to  
migrate from mysql to ldap afterwards. I have to do some scripts for  
myself at least.


> I think the beauty of doing a conventional LDAP for authentication is
> that you could use that LDAP database to authenticate all sorts of  
> other
> services besides email...

That's why I'm planning this too. Many applications are able to  
authenticate users via imap (or imaps), but I don't think imap itself  
offers a way to change password, where as ldap does. And I don't  
think it's "right" to use imap as authentication method, that would  
require that the user has imap account. LDAP just is widespread  
standard for authentication and doesn't by itself depend on any  
database backend, which is good

> but keep in mind, i'm just an engineer...and not much of a programmer,
> so i have no idea how difficult that might be to do...

And I'm only just studying to be an engineer :). But I have been  
programmer for few years and know php quite well. As it has been  
discussed earlier on this mailing list (I searched the archives..),  
there's quite a few ways implementing LDAP authentication in PHP. PHP  
offers very well documented LDAP-functions natively, and PEAR-project  
offers at least two way to do it via it's abstraction layer. I think  
they all need ldap-support in php, and for the lack of documentation  
on the pear-"ways" (and since they were on beta-stage last time I  
checked) I'm trying the native php way first. If it works, then  
perhaps checking the pear-thing out. I'm planning to add a  
configuration directive for authentication type, so you can easily  
switch between mysql and ldap authentication. I'll let you all know  
when I have something working. Might take a while, school is taking  
lot of time resources at the moment.


Mikko Toivola

More information about the Web-cyradm mailing list