[Exim] RE: Exim 4 LDAP SMTP Authentication

Author: Thai Q. Tran
Date:  
To: exim-users
Subject: [Exim] RE: Exim 4 LDAP SMTP Authentication
Hello again,
    I am sorry I wasn't more specific earlier regarding my needs.  I
left my full config file hoping for someone to notice my variables.  I
host for many virtual domains and I have tailored LDAP to do so.  By
looking at the server_condition that was recommended, it seems to not
fit my needs and would be too specific in its bind to LDAP.


    For example, there would be a user user@??? and their LDAP
structure would look like so:
    cn=user,dc=sfm-racing.com,o=mye-znet.


    Then there would be a user user@??? which would
look like so:
    cn=user,dc=caraudiocheap.com,o=mye-znet.


    So by looking at my router section of my config file you will
notice the variable dc=${domain}.


ldap_user:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup ldap {ldap:///dc=${domain},o=mye-net?mailMessageStore?sub?(uid=${local_part})}}

    Hopefully I can get users to send mail via the same way that
they receive mail.  I am using a POP3 server which I have configured to
allow users to authenticate with a full username and domain login (i.e.
user@???).


Any ideas?

Thanks ahead,
Thai Q. Tran
Email: t_tran99@???


-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On
Behalf Of Tony Earnshaw
Sent: Friday, February 14, 2003 6:56 AM
To: Stefan Kaltenbrunner
Cc: exim-users@???
Subject: Re: [Exim] RE: Exim 4 LDAP SMTP Authentication

Fri, 2003-02-14 at 12:48, Stefan Kaltenbrunner wrote:

> > begin authenticators
> >
> > fixed_plain:
> >   driver              = plaintext
> >   public_name         = PLAIN
> >   server_condition    = ${if ldapauth \
> >     {user="cn=${quote_ldap:$2},ou=people,ou=groups,dc=example,dc=com" \
> >     pass="$3" \
>
> you might want to check if pass="$3" works for "strange" passwords too (like
> "abcde" (including the ") or abc=dc) - it didn't in our internal tests.
> I have been discussing this problem in more detail with ph10@ already and he
> agreed to some respect that pass=${quote:$3} is "more" correct in this case
> although I'm still not really convinced . . .


As far as I'm concerned, with Exim 4.10/4.12 $3 (without the quotes)
doesn't work. However, as with *everything* else above, it's a matter of
trial and error. It took me a day to figure out the ins and outs, with
copious help from the 14,000-odd Exim list postings on my hard disk since
Exim 4 arrived. Plus much RTFMing and trying out.

Funny, I hardly ever need to ask for help from the list, it's all been
done by someone before. There was a posting from a Sendmail admin on the
SA list who had 3,000+ spammer "dictionary" attacks *per day* on his
SMTP server and wondered whether to set up an IPTABLES block, etc. I did
a hard disk search and came up with Guilano's teergrubing solution /
posting for Exim 4 within 5 minutes. And it works beautifully, even
combined with other things within the same ACL. Effing brilliant.

Best,

Tony

--

Tony Earnshaw

When you rob a person of his illusions,
you are robbing him of his happiness


e-mail:        tonni@???
www:        http://www.billy.demon.nl
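
Added example, not part of the original messages and not Exim code: the per-domain layout described in the thread (cn=user,dc=domain,o=...) derived from a full user@domain login, with RFC 4514 escaping so that characters in the login cannot change the shape of the bind DN. The function names, the `example-org` organisation value and the sample logins are assumptions made for illustration.

```python
import re

# RFC 4514 section 2.4: characters that must be backslash-escaped in a DN value.
_DN_SPECIALS = set('"+,;<>\\')
# Conservative hostname check for the domain part (assumption: ASCII domains only).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(r"(?=.{1,253}\Z)" + _LABEL + r"(?:\." + _LABEL + r")+")


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")          # leading '#' would start a hex string
        elif ch == " " and i in (0, last):
            out.append("\\ ")          # leading/trailing spaces are significant
        else:
            out.append(ch)
    return "".join(out)


def bind_dn_for_login(login: str, org: str = "example-org") -> str:
    """Map user@domain to cn=<user>,dc=<domain>,o=<org>; ValueError if malformed."""
    local, sep, domain = login.rpartition("@")
    if not sep or not local:
        raise ValueError("login must be user@domain")
    if not _DOMAIN_RE.fullmatch(domain):
        raise ValueError("invalid domain part")
    return "cn={},dc={},o={}".format(
        escape_dn_value(local), domain.lower(), escape_dn_value(org))


# Constructed sample logins, not taken from the thread.
SAMPLES = ["user@example.com", "user,dc=other.example@example.com", "no-domain"]

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            print(s, "->", bind_dn_for_login(s))
        except ValueError as exc:
            print(s, "-> rejected:", exc)
```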