Re: [Exim] Empty lookup result in authenticators (a stupid q…

Top Page
Delete this message
Reply to this message
Author: Alexander V Alekseev
Date:  
To: exim-users
Subject: Re: [Exim] Empty lookup result in authenticators (a stupid question).
        Hello!

On Tue, 8 Jul 2003, Philip Hazel wrote:

> On Tue, 8 Jul 2003, Alexander V Alekseev wrote:
>
> > login:
> >     driver = plaintext
> >     public_name = LOGIN
> >     server_prompts = Username:: : Password::
> >     hide server_condition = ${if eq{$2}{PASSWORD_LOOKUP}{yes}{no}}
> >     server_set_id = $1
> > ---------------------------------------
> >    If PASSWORD_LOOKUP doesn't end with "fail", it accepts
> > empty passwords for unknown accounts.
> >    If PASSWORD_LOOKUP ends with "fail" I get the following
> > reply from exim in SMTP session:

> >
> > --------------------------------------
> > AUTH login
> > 334 VXNlcm5hbWU6
> > aHJicmZy
> > 334 UGFzc3dvcmQ6
> >
> > 435 Unable to authenticate at present
> > --------------------------------------
>
> What is in PASSWORD_LOOKUP? It appears that it is failing to complete
> for some reason. Have you tried running a debugging test? For example,
> with -d and -bh?

PASSWORD_LOOKUP looks like ${lookup ldap {...}{$value}fail}

> >    But how could I get the proper "535 Incorrect authentication
> > data" ?

>
> If the expansion is forced to fail, authentication fails. I suspect you
> may have a syntax error or something similar.

Ok. Here is the debug (exim -d -bh <some_ip>):
-----------------------------------------
AUTH login
SMTP<< AUTH login
SMTP>> 334 VXNlcm5hbWU6

334 VXNlcm5hbWU6
aHJicmZy
SMTP>> 334 UGFzc3dvcmQ6

334 UGFzc3dvcmQ6

search_open: ldap "NULL"
search_find: file="NULL"
key="<some_key>" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=ldap key="<some_key>"
database lookup required for user="<some_user>" pass=<some_pass> <some_key>
LDAP parameters: user=<some_user> pass=<some_pass> size=0 time=0
perform_ldap_search: ldap URL ="<some_key>" server=127.0.0.1 port=390 sizelimit=0 timelimit=0
after ldap_url_parse: host=127.0.0.1 port=390
ldap_initialize with URL ldap://127.0.0.1:390/
initialized for LDAP server 127.0.0.1:390
LDAP_OPT_X_TLS_TRY set
binding with user=<some_user> password=<some_password>
Start search
search ended by ldap_result yielding 101
ldap_parse_result yielded 32: No such object
lookup failure forced
LDAP search failed - error 32: No such object
lookup failed
login authenticator:
$1 = hrbrfr
expansion failed: "lookup" failed and "fail" requested
SMTP>> 435 Unable to authenticate at present

435 Unable to authenticate at present
LOG: MAIN REJECT
Authentication failed for (A) [231.1.1.6]: 435 Unable to authenticate at present (set_id=hrbrfr): "lookup" failed and "fail" requested
-----------------------------------------

So, as you see, there is no syntaxis error.

> >    Any ideas? Is there  a way to distinguish between "not
> > found" lookup result, and "lookup failed" (server error for example)?

>
> Yes. "Not found" can be turned into a string of your choice, or cause
> the expansion to fail. Server error will provoke a temporary error.


    Hmmm. Can you provide an example?


        Bye. Alex.