In <3A15A80E.9B551AB3@???> barryp@??? (Barry Pederson) writes:
>After fooling with "exim -be" a bit I'm fairly certain it could be done, using
>the user= and pass= settings in an LDAP lookup, something like:
>plain:
> driver = plaintext
> public_name = PLAIN
> server_condition = ${lookup ldap {user=XXXX pass=$3 \
> ldap:///ou=foo,c=bar?uid?sub?uid=$2}{1}{0}}
>The problem is the part: "user=XXXX" which needs to be an LDAP DN. If you're
>lucky enough to have DNs that are simply userids followed by a base DN, you
>can get by with something like: user="uid=$2,ou=foo,c=bar"
>On our server, the DNs can't be so easily calculated, and need to be looked
>up.
I had a similar problem, in that the dn consisted of the user's domain
name as well, with uid=user@domain. I got it working with the following
recipe, but I'm wondering if there's a simpler way to pull these
variables out than overloading if match in order to use the pattern
matching of pcre. Any suggestions? Also, there is a hack built into this
for users to actually log in as user%domain. This is done because
Netscape refuses to pass user@domain as a username to AUTH. It silently
strips off the @domain.
fixed_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
    "${lookup ldap{USER=\"uid=${if match{$2}{(.*)%.*}{$1}{}}@\
    ${if match{$2}{.*%(.*)}{$1}{}},\
    ou=accounts,o=${if match{$2}{.*%(.*)}{$1}{}},l=BASE_DN\" PASS=\"${3}\"\
    ldap:///l=BASE_DN?mail?sub?(&(uid=${if match{$2}{(.*)%.*}{$1}{}}\
    @${if match{$2}{.*%(.*)}\
    {$1}{}}))}{1}{}}"
  server_set_id = ${if match{$2}{(.*)%.*}{$1}{}}@${if match{$2}{.*%(.*)}{$1}{}}
--
Artificial Intelligence stands no chance against Natural Stupidity.
GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*
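
The mapping the recipe above performs (user%domain to a bind DN, a search filter and the authenticated id), written out as an added Python example that is not part of the original message, with the client-supplied parts escaped before they reach the DN and the filter. The function names, the rejection of logins that do not contain exactly one "%" and the ban on "@" in either part are assumptions of this example; BASE_DN is the same placeholder the recipe uses.

```python
import re

BASE_DN = "l=BASE_DN"  # placeholder, standing in for the recipe's BASE_DN

# Assumed policy: exactly one '%' between a non-empty user and a non-empty
# domain; anything else is rejected instead of expanding to an empty string.
LOGIN_RE = re.compile(r"([^%@]+)%([^%@]+)")

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in ',+"\\<>;='
              or (ch == "#" and i == 0)
              or (ch == " " and i in (0, last))):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
             "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def build_lookup(login):
    """Return (bind_dn, search_filter, authenticated_id), or None if malformed."""
    m = LOGIN_RE.fullmatch(login)
    if m is None:
        return None
    user, domain = m.group(1), m.group(2)
    uid = f"{user}@{domain}"
    bind_dn = (f"uid={escape_dn_value(uid)},ou=accounts,"
               f"o={escape_dn_value(domain)},{BASE_DN}")
    search_filter = f"(&(uid={escape_filter_value(uid)}))"
    return bind_dn, search_filter, uid

if __name__ == "__main__":
    # Constructed sample logins, not taken from the thread.
    for login in ("alice%example.com", "bob,o=other%example.com", "alice"):
        print(login, "->", build_lookup(login))
```

In current Exim releases the corresponding expansion operators are ${quote_ldap_dn:...} for values placed in the USER= DN and ${quote_ldap:...} for values placed in the filter.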