Bug#347659: [Pkg-Cyrus-imapd-Debian-devel] Bug#347659: please discuss patch for ldap authentification (Kolab)

Henrique de Moraes Holschuh hmh at debian.org
Fri Jan 13 00:49:16 UTC 2006


On Thu, 12 Jan 2006, Philip Thiem wrote:
> Cyrus 2.2 supports Virtual domains and SASL has or at least can be properly
> patched for LDAP authentication.  It always seemed to me like SASL was the

There are three mechanisms that must act together to properly have accounts
in LDAP:

1. LDAP auth (SASL with auxprop+LDAP patch -- not in Debian, we need to
   update to latest sasl + the patches;  saslauthd works, but it is on
   its way out)

2. Cyrus ptloader authorization module for LDAP (IMAP ACL support)
   This is how upstream wants it done, and there is a damn good ptloader
   module for LDAP, we would do well to support that one in Debian, but
   it is useless if we don't fix the SASL packages.

3. Cyrus mailboxes database, which is *NOT* in LDAP -- usually people work
   around this one using the autocreate patches, and scripts to remove
   outdated mailboxes.

I am completely against messing with (3) in any way that will not work in
2.3 in the replicated Murder with Virtual Domains scenario, and I am also
completely against anything that does not do (2) correctly.  So, I am
completely against the ldap mess kolab did on the virtual domain code: we
don't want to support non-kolab users using that.

Now AFAIK (so far), kolab needs to fiddle with a lot of stuff because they
did something that *everyone* who ever tried to do it that way before had
been told to Not Do It by Cyrus upstream: they got information that is out
of band (the domain) and placed it in-band (user@domain mailboxes).

So please excuse me if I am dead set against adding such stuff to regular
Cyrus, it is asking for trouble.   OTOH, I don't mind adding a cyrus-kolab
package with the patches that break cyrus so that kolab can work applied (I
will talk about this on the ML thread about the kolab+cyrus team
collaboration).

> * Patching SASL if the upstream stream isn't ready (I'm using a patched
> package myself).

We should have a proper LDAP-worthy SASL in Debian, but nobody stepped up to
take care of the monster of a package that is SASL, and I simply do NOT have
the time right now.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh




