On Mon, Apr 15, 2002 at 10:56:43AM -0500,
Dennis Pinckard <dpinckard@???> is thought to have said:
> I'd like to use a non-plaintext authentication scheme, such as cram_md5.
> Fortunately, or unfortunately, Bynari stores passwords in cleartext in
> the ldap server.
>
> I haven't been able to find any examples of performing a lookup in LDAP
> for authentication purposes. C008 and C036 are the closest I've found
> in the config samples.

Well I don't believe Outlook supports CRAM-MD5, only LOGIN. So you may have
to resort to that anyway. Just make sure things are configured to only
advertise LOGIN over encrypted connections. Although SPA would be a help I
guess, but I don't think anyone's contributed any examples on how that
works yet. Perhaps the person who submitted the SPA code to Philip has
some suggestions (hint hint) :)

Anyway here's what I've used under exim3 with LDAP lookups. You should be
able to apply this into your exim4 environment with your local LDAP schema
without any real problems, I'd guess.

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = LDAP_AUTH_LOGIN_BIND
  server_set_id = $1

where LDAP_AUTH_LOGIN_BIND is one of a set of macros for readability's sake
in my config file (sorry about line wraps):

LDAP_AUTH_LOGIN_QUERY = ldap:///ou=People,o=example.com??sub?(uid=${quote_ldap:$1})
LDAP_AUTH_LOGIN_EXPR = ${lookup ldap {user="$value" pass=$2 LDAP_AUTH_LOGIN_QUERY}{1}{0}}
LDAP_AUTH_LOGIN_BIND = ${lookup ldapdn {LDAP_AUTH_LOGIN_QUERY}{LDAP_AUTH_LOGIN_EXPR}{0}}

HTH,
Tabor
--
--------------------------------------------------------------------
Tabor J. Wells twells@???
Fsck It! Just another victim of the ambient morality
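
The same two steps as the macros in the message above (find the DN by uid, then bind as that DN with the supplied password), as an added Python example that is not part of the original message or of Exim. The `search` and `bind` callables and the in-memory directory are constructed stand-ins for an LDAP client and server; the empty-password guard is an addition, reflecting that a simple bind with an empty password is an unauthenticated bind under RFC 4513, which some servers accept.

```python
"""Search-then-bind login check (added example, not from the original post)."""

# RFC 4515 filter escaping: characters that must not reach a filter raw.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ldap_login(username, password, search, bind):
    """Return the bound DN on success, or None on any failure.

    search(filter) -> list of DNs and bind(dn, password) -> bool are
    hypothetical hooks for whatever LDAP client library is in use.
    """
    # Refuse empty credentials before any LDAP traffic: an empty password
    # would otherwise turn the bind into an unauthenticated bind.
    if not username or not password:
        return None
    matches = search("(uid=%s)" % escape_filter_value(username))
    # Exactly one entry must match; zero or several is a failure.
    if len(matches) != 1:
        return None
    dn = matches[0]
    return dn if bind(dn, password) else None


# Constructed in-memory directory standing in for the LDAP server.
DIRECTORY = {
    "uid=alice,ou=People,o=example.com": {"uid": "alice", "password": "s3cret pw"},
    "uid=bob,ou=People,o=example.com": {"uid": "bob", "password": "hunter2"},
}


def demo_search(ldap_filter):
    """Toy matcher: '(uid=*)' matches every entry, '(uid=x)' matches x only."""
    wanted = ldap_filter[len("(uid="):-1]
    return [dn for dn, e in DIRECTORY.items() if wanted == "*" or e["uid"] == wanted]


def demo_bind(dn, password):
    """Toy bind that, like a permissive server, accepts an empty password."""
    return password == "" or DIRECTORY[dn]["password"] == password
```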