kenglund wrote:
OpenLDAP is authenticating through our mail server, which wants bind requests in version 2 format.
Can you please elaborate on what the architecture really looks like?
Modification of the mail server software to use version 3 authentication does not seem to be an option, as (according to my Tech guy) it is “really not LDAP”, but has an “LDAP Like” interface.
Is my understanding correct that the mail server has an LDAP interface and your OpenLDAP installation proxies bind requests to this server? Or does PloneLDAP bind to the mail server directly (via python-ldap/OpenLDAP libs)? In this case you would have to convince the PloneLDAP developers to set the class attribute
LDAPObject.protocol_version=ldap.VERSION2
This would need a configuration option and is therefore rather a PloneLDAP feature request.
Note that, depending on the LDAPv2 server implementation, you can run into issues with non-ASCII characters if you naively change the protocol version (since LDAPv3 applications correctly assume Unicode with UTF-8 encoding).
Ciao, Michael.
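
The version field and the character-set caveat from the reply above, as an added example that is not part of the original post: a small BER encoder and parser for an LDAP simple BindRequest, written without python-ldap. The sample DN, the password and the choice of Latin-1 as the legacy server's character set are assumptions for illustration.

```python
# Added example: encode an LDAP simple BindRequest and inspect its version field
# and DN bytes. Latin-1 as the LDAPv2 server's charset is an assumption.

def tlv(tag: int, value: bytes) -> bytes:
    """One BER element with definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def ber_int(n: int) -> bytes:
    """Non-negative INTEGER; the extra byte rule keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def bind_request(version: int, dn: str, password: str, charset: str) -> bytes:
    name = tlv(0x04, dn.encode(charset))              # name: LDAPDN (OCTET STRING)
    simple = tlv(0x80, password.encode(charset))      # authentication: [0] simple
    op = tlv(0x60, ber_int(version) + name + simple)  # [APPLICATION 0] BindRequest
    return tlv(0x30, ber_int(1) + op)                 # LDAPMessage, messageID 1

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                  # long-form length
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + first], pos + first

def parse_bind(pdu: bytes):
    """Return (version, raw DN bytes) from an encoded BindRequest."""
    _, msg, _ = read_tlv(pdu)
    _, _, pos = read_tlv(msg)                         # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = read_tlv(op)
    _, dn, _ = read_tlv(op, pos)
    return int.from_bytes(ver, "big"), dn

def dn_seen_by(pdu: bytes, server_charset: str) -> str:
    """DN as a server decoding with server_charset reads it (U+FFFD on bad bytes)."""
    return parse_bind(pdu)[1].decode(server_charset, errors="replace")

DN = "cn=Jörg Müller,dc=example,dc=org"               # constructed sample entry

if __name__ == "__main__":
    for ver, cs in ((3, "utf-8"), (2, "utf-8"), (2, "latin-1")):
        pdu = bind_request(ver, DN, "secret", cs)
        print(ver, cs, pdu.hex(), "->", dn_seen_by(pdu, "latin-1"))
```

The middle case is the naive switch: the version field says 2 but the DN is still UTF-8, so a server that decodes Latin-1 looks up a different name and the bind fails or matches the wrong entry.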