[Exim] ldapauth quoting-problem

Author: Stefan Kaltenbrunner
Date:
To: exim-users
Subject: [Exim] ldapauth quoting-problem
Hi All!

We are currently implementing a fairly large and complex LDAP-based
mailserver-solution. One of the features we want to provide to our
customers is SMTP-authentication.
For this we are using an authenticator like the following which is
basically copied from the spec.


plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if ldapauth \
    {user="uid=${quote_ldap:$2},ou=people,o=testzone,c=at" \
    pass="$3" ldap:///}{yes}{no}}
  server_prompts = :
  server_set_id = uid=$2

This authenticator works fine until somebody uses a password which is
itself quoted, e.g. "abc" (all five characters including the "'s!). The
resulting error looks like this:


[...]
23656 SMTP>> 250-testhost Hello test [10.14.3.1]
23656 250-SIZE 52428800
23656 250-PIPELINING
23656 250-AUTH PLAIN LOGIN
23656 250 HELP
23656 SMTP<< AUTH PLAIN AHVzZXIxACJhYmMi
23656 LDAP query error: malformed parameter setting precedes LDAP URL
23656 plain authenticator:
23656 $1 =
23656 $2 = user1
23656 $3 = "abc"
23656 expansion failed: malformed parameter setting precedes LDAP URL
23656 SMTP>> 435 Unable to authenticate at present
23656 LOG: MAIN REJECT
23656 Authentication failed for (test) [10.14.3.1]: 435 Unable to
authenticate at present (set_id=uid=user1): malformed parameter setting
precedes LDAP URL


We are now using the ${quote:} operator in this authenticator - is this
the recommended thing to do or is there another way to solve this problem?

We are using Exim 4.12 with OpenLDAP2 (client) on Debian testing and Sun
One LDAP as the LDAP server. But the problem can also be reproduced on my
private test system, which is running FreeBSD 5.0RC2 with exim-4.12 and
OpenLDAP2 as both client and server.

thanks


Stefan

--
mastermind at madness dot at
Stefan Kaltenbrunner
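
The failure in the debug output above and the effect of `${quote:}`, as an added example that is not part of the original post and is not Exim's code: a simplified Python model of the NAME=VALUE settings parser and of the quote operator, applied to the AUTH PLAIN blob from the log. The function names, the parser's exact rules and the `build_query` stand-in for the expanded `server_condition` are assumptions.

```python
import base64
import re
ESCAPES = {"n": "\n", "r": "\r"}

def exim_quote(s):
    # Model of ${quote:...}: strings made only of letters, digits, "_", "."
    # and "-" pass through; anything else is double-quoted and escaped.
    if re.fullmatch(r"[A-Za-z0-9_.-]+", s):
        return s
    for raw, esc in (("\\", "\\\\"), ('"', '\\"'), ("\n", "\\n"), ("\r", "\\r")):
        s = s.replace(raw, esc)
    return '"' + s + '"'

def parse_settings(query):
    """Simplified model (an assumption, not Exim's source) of the NAME=VALUE
    settings in front of the LDAP URL."""
    out, i = {}, 0
    while not query.startswith("ldap", i):
        m = re.compile(r"([A-Za-z]+)=").match(query, i)
        if m is None:
            raise ValueError("malformed parameter setting precedes LDAP URL")
        i, buf = m.end(), []
        if query.startswith('"', i):      # quoted value with backslash escapes
            i += 1
            while i < len(query) and query[i] != '"':
                if query[i] == "\\" and i + 1 < len(query):
                    i += 1
                    buf.append(ESCAPES.get(query[i], query[i]))
                else:
                    buf.append(query[i])
                i += 1
            if i == len(query):
                raise ValueError("unterminated quoted value")
            i += 1
        else:                             # bare value ends at whitespace
            bare = re.compile(r"\S*").match(query, i)
            buf, i = [bare.group()], bare.end()
        out[m.group(1).lower()] = "".join(buf)
        while i < len(query) and query[i].isspace():
            i += 1
    return out

def build_query(user, password, quote_password):
    """Constructed stand-in for the expanded server_condition string."""
    pw = exim_quote(password) if quote_password else '"' + password + '"'
    return f'user="uid={user},ou=people,o=testzone,c=at" pass={pw} ldap:///'

def decode_plain(b64):
    """Split an AUTH PLAIN blob into the fields Exim exposes as $1, $2, $3."""
    return tuple(base64.b64decode(b64).decode().split("\0"))
```

With `pass="$3"` the password's own leading quote closes the value immediately, so the rest of the password is read as the start of another setting; with the quote operator the embedded quotes arrive backslash-escaped and the value survives intact.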