One of the key developments in R11.2 is improvements to our directory configuration for Internet messaging. There have been changes to each of our three Internet servers.
In a previous blog, I talked about the LASER routing changes to M-Switch, as a new approach to local routing configuration. From an overall Internet messaging perspective, this change brings the advantage that M-Box and M-Switch can share a common per-user configuration (a single directory entry for each account).
We've also implemented 'LDAP Proxied Authorization Control' (Proxy Auth) in M-Vault. This is not yet a standard, but we anticipate that it will be standardized:
http://www.ietf.org/internet-drafts/draft-weltman-ldapv3-proxy-13.txt
Proxy auth is used where a server wishes to perform directory operations on behalf of another user. The feature of proxy auth that is important for Isode Internet messaging is that the "other user" is specified as "user@domain". This "other user" name is mapped onto a directory distinguished name, using one of the same options available with the Isode SASL support:
- Use an Active Directory compatible mapping
- Use a single search (for mailbox)
- Use a two-stage search (first domain, and then user within the identified subtree from the first search)
M-Box can use this mechanism to get information on IMAP and POP users. It will use the account name provided (either directly or via SASL), and use the proxy auth mechanism to map to a distinguished name and to retrieve information from this entry. This gives flexibility, as the name mapping is not handled by M-Box, and is the same as used for SASL verification.
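The single-search and two-stage mappings described above can be sketched as follows. This is an added example, not Isode code: the in-memory directory is constructed, and the attribute names (`mail`, `uid`, `associatedDomain`) and function names are assumptions. It shows why a mapping from "user@domain" to a distinguished name should refuse to answer when a search returns zero or several entries.

```python
# Constructed sample directory (DN -> attributes); attribute names are assumptions.
DIRECTORY = {
    "dc=example,dc=com": {"associatedDomain": ["example.com"]},
    "uid=alice,dc=example,dc=com": {"uid": ["alice"], "mail": ["alice@example.com"]},
    "uid=bob,dc=example,dc=com": {"uid": ["bob"], "mail": ["bob@example.com"]},
    "dc=example,dc=net": {"associatedDomain": ["example.net"]},
    "uid=alice,dc=example,dc=net": {"uid": ["alice"], "mail": ["alice@example.net"]},
    "uid=alice2,dc=example,dc=net": {"uid": ["alice2"], "mail": ["alice@example.net"]},
}


def search(base, attr, value):
    """Subtree search: DNs at or below base whose attr holds value (case-insensitive)."""
    value = value.lower()
    return sorted(
        dn for dn, attrs in DIRECTORY.items()
        if (base == "" or dn == base or dn.endswith("," + base))
        and value in (v.lower() for v in attrs.get(attr, []))
    )


def exactly_one(matches, what):
    """Fail closed: zero or several matches must never yield an identity."""
    if len(matches) != 1:
        raise LookupError(f"{what}: {len(matches)} matches, refusing to map")
    return matches[0]


def split_name(name):
    """Split user@domain on the last '@' and reject incomplete names."""
    user, sep, domain = name.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("expected user@domain")
    return user, domain


def map_single_search(name):
    """One search over the whole tree for the mailbox value."""
    split_name(name)  # validate the shape only
    return exactly_one(search("", "mail", name), name)


def map_two_stage(name):
    """First find the domain entry, then the user inside that subtree only."""
    user, domain = split_name(name)
    domain_dn = exactly_one(search("", "associatedDomain", domain), domain)
    return exactly_one(search(domain_dn, "uid", user), name)
```

In the constructed data two entries share the mailbox `alice@example.net`, so the single search refuses to map that name, while the two-stage search resolves it because the second search is confined to the `example.net` subtree.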
We've also extended M-Box's user and server configuration options using LDAP, to include information such as user quota. It is also possible to enable/disable POP and/or IMAP services on a per-user basis.
Steve
