[Exim] Re: LDAP, AUTH, PAM and Lookups

Author: John Henders
Date:  
To: exim-users
Subject: [Exim] Re: LDAP, AUTH, PAM and Lookups
In <3A15A80E.9B551AB3@???> barryp@??? (Barry Pederson) writes:

>After fooling with "exim -be" a bit I'm fairly certain it could be done, using
>the user= and pass= settings in an LDAP lookup, something like:


>plain:
>  driver = plaintext
>  public_name = PLAIN
>  server_condition = ${lookup ldap {user=XXXX pass=$3 \
>    ldap:///ou=foo,c=bar?uid?sub?uid=$2}{1}{0}}


>The problem is the part: "user=XXXX" which needs to be an LDAP DN. If you're
>lucky enough to have DNs that are simply userids followed by a base DN, you
>can get by with something like: user="uid=$2,ou=foo,c=bar"


>On our server, the DNs can't be so easily calculated, and need to be looked
>up.


I had a similar problem, in that the dn consisted of the user's domain
name as well, with uid=user@domain. I got it working with the following
recipe, but I'm wondering if there's a simpler way to pull these
variables out than overloading if match in order to use the pattern
matching of pcre. Any suggestions? Also, there is a hack built into this
for users to actually log in as user%domain. This is done because
Netscape refuses to pass user@domain as a username to AUTH. It silently
strips off the @domain.

fixed_plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
    "${lookup ldap{USER=\"uid=${if match{$2}{(.*)%.*}{$1}{}}@\
    ${if match{$2}{.*%(.*)}{$1}{}},\
    ou=accounts,o=${if match{$2}{.*%(.*)}{$1}{}},l=BASE_DN\" PASS=\"${3}\"\
    ldap:///l=BASE_DN?mail?sub?(&(uid=${if match{$2}{(.*)%.*}{$1}{}}\
    @${if match{$2}{.*%(.*)}\
    {$1}{}}))}{1}{}}"
  server_set_id = ${if match{$2}{(.*)%.*}{$1}{}}@${if match{$2}{.*%(.*)}{$1}{}}


-- 
  Artificial Intelligence stands no chance against Natural Stupidity.
            GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
                 b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*
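
The user%domain mapping from the recipe above, written out in Python as an added example (not part of the original post and not Exim code), with the DN and filter values escaped and an empty password refused before any bind. The value of BASE_DN and the names escape_dn_value, escape_filter_value and build_bind are assumptions made for illustration.

```python
"""Added example: the user%domain -> bind DN / filter mapping of the recipe.
BASE_DN's value and every function name here are assumptions."""

BASE_DN = "example"  # constructed stand-in for the site's BASE_DN macro


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape an assertion value for a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def build_bind(login, password):
    """Return (bind_dn, search_base, search_filter, auth_id), or None to refuse.

    As in the recipe's greedy (.*)%.* and .*%(.*) matches, the text before
    the last '%' is the user and the text after it is the domain.
    """
    user, sep, domain = login.rpartition("%")
    # A simple bind with an empty password is an unauthenticated bind, which
    # some LDAP servers report as success, so refuse it before binding.
    if not sep or not user or not domain or not password:
        return None
    uid = f"{user}@{domain}"
    bind_dn = (f"uid={escape_dn_value(uid)},ou=accounts,"
               f"o={escape_dn_value(domain)},l={BASE_DN}")
    return bind_dn, f"l={BASE_DN}", f"(&(uid={escape_filter_value(uid)}))", uid


if __name__ == "__main__":
    # Constructed sample logins, including ones carrying LDAP metacharacters.
    for login in ("alice%example.org", "a*)(uid=*%example.org", "alice"):
        print(login, "->", build_bind(login, "s3cret"))
```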