Re: [Exim] Documentation error - quote_ldap example

Top Page
Delete this message
Reply to this message
Author: Brian Candler
Date:  
To: Tony Earnshaw
CC: exim-users
Subject: Re: [Exim] Documentation error - quote_ldap example
On Mon, Aug 19, 2002 at 05:26:40PM +0200, Tony Earnshaw wrote:
> "Exim -bt has nothing to do with it".
>
> Nor has it, quite right.
>
> But when I send SSL/TLS encrypted mail with the following, it works
> perfectly, anyway:
>
> Replace:
>
> {user="mail=${quote_ldap:$2}
>
> With:
>
> {user="mail=${quote_ldap:"$2"}


Well, actually I can't see what SSL/TLS has to do with it either.

You said you had something like this in your configuration:

fixed_plain:
  ...
  server_condition = ${if ldapauth \
    {user="mail=${quote_ldap:$2},\
    ou=people,ou=groups,dc=billy,dc=demon,dc=nl" pass="$3"\
    ldap:///}{yes}{no}}


That's an authenticator. So to trigger it, the client has to send an SMTP
AUTH command (over either a normal or TLS connection, it doesn't make any
difference). To test, encode a string like this:

$ perl -MMIME::Base64 -e 'print encode_base64("\0tonni\@billy.demon.net\0password")'
AHRvbm5pQGJpbGx5LmRlbW9uLm5ldABwYXNzd29yZA==

then telnet to your mailhost port 25 and send "AUTH PLAIN <this string>". If
you get a 235 response, you have authenticated successfully.

At the same time you should see the LDAP query going off to your LDAP
server, perhaps most easily seen by running
    tcpdump -n -s1500 -X tcp port 389
on the host at the same time. This is how I discovered that quote_ldap was
mangling 'foo@???' to 'foo%40example.com'


If your clients are not actually using SMTP AUTH then of course you can put
whatever you like inside server_condition, as it won't do anything :-)

Regards,

Brian.