Open Bug 521925 Opened 15 years ago Updated 2 years ago

LDAP binding with X509 certificate for address book

Categories

(MailNews Core :: LDAP Integration, enhancement)

Product:
MailNews Core
Component:
LDAP Integration
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: eddie2070, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13
Build Identifier: 

Running an openldap server to publish certificates for encrypting emails. LDAP login methods avalaible in Thunderbird are dn./password and newly GSSAPI method (with Kerberos). Authentication on ldap is really important to use ACLs.

Solution would be to authenticate to the LDAP through certificates located in the Thunderbird store !!! (and so on a security device as a token so this would be strong authentication).

OpenLDAP support SASL external, so its possible to authenticate with certificates... and would be really welcomed to be authenticate from thunderbird with certificates...

Reproducible: Always
Depends on: 521952
Status: UNCONFIRMED → NEW
Component: Address Book → LDAP Integration
Ever confirmed: true
Product: Thunderbird → MailNews Core
QA Contact: address-book → ldap-integration
Summary: LDAP binding with X509 certificate for address book - Security enhancement → LDAP binding with X509 certificate for address book
Component: LDAP Integration → Address Book
Product: MailNews Core → Thunderbird
TrustedBird Project based on Thunderbird has implemented SASL-EXTERNAL during year 2010. This might be a good start : http://adullact.net/plugins/mediawiki/wiki/milimail/index.php/SASL_EXTERNAL/fr
David Bienvenu, implement EXTERNAL auth for IMAP already in trunk, so it might easier to move some of it to LDAP.
Component: Address Book → LDAP Integration
Product: Thunderbird → MailNews Core
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.