I'd like to setup a server to to SMTP AUTH against an LDAP server. Looking
back through the archives, it looks like other people have used pam_ldap to do
this.
pam_ldap (at least the one I found at
www.padl.com) doesn't seem to want to
compile on FreeBSD (if anyone has a fix for this, I'd love to hear it) - which
got me to wondering if it could be done without PAM, using only Exim's LDAP
support.
After fooling with "exim -be" a bit I'm fairly certain it could be done, using
the user= and pass= settings in an LDAP lookup, something like:
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${lookup ldap {user=XXXX pass=$3 \
ldap:///ou=foo,c=bar?uid?sub?uid=$2}{1}{0}}
The problem is the part: "user=XXXX" which needs to be an LDAP DN. If you're
lucky enough to have DNs that are simply userids followed by a base DN, you
can get by with something like: user="uid=$2,ou=foo,c=bar"
On our server, the DNs can't be so easily calculated, and need to be looked
up. Unfortunately, it doesn't seem that you can use Exim's LDAP facilities to
lookup a DN. I tried something like:
${lookup ldap {ldap:///ou=foo,c=bar?dn?sub?uid=$2}{$value}{0}}
but it doesn't return anything - which I guess make sense since technically
the DN isn't an attribute? Anyone know of an easy workaround? Do all LDAP
libraries do this, or is this some weirdness of OpenLDAP (I'm using 1.2.9 at
the moment)
If there are no easy workarounds, I wonder if it wouldn't be worthwhile to add
another type of LDAP lookup to Exim, specifically for looking up DNs,
something like ${lookup ldapdn {...}}. I'd be willing to take a stab at this
if no-one has an easier idea.
Barry