Hello!
On Tue, 8 Jul 2003, Philip Hazel wrote:
> On Tue, 8 Jul 2003, Alexander V Alekseev wrote:
>
> > login:
> > driver = plaintext
> > public_name = LOGIN
> > server_prompts = Username:: : Password::
> > hide server_condition = ${if eq{$2}{PASSWORD_LOOKUP}{yes}{no}}
> > server_set_id = $1
> > ---------------------------------------
> > If PASSWORD_LOOKUP doesn't end with "fail", it accepts
> > empty passwords for unknown accounts.
> > If PASSWORD_LOOKUP ends with "fail" I get the following
> > reply from exim in SMTP session:
> >
> > --------------------------------------
> > AUTH login
> > 334 VXNlcm5hbWU6
> > aHJicmZy
> > 334 UGFzc3dvcmQ6
> >
> > 435 Unable to authenticate at present
> > --------------------------------------
>
> What is in PASSWORD_LOOKUP? It appears that it is failing to complete
> for some reason. Have you tried running a debugging test? For example,
> with -d and -bh?
PASSWORD_LOOKUP looks like ${lookup ldap {...}{$value}fail}
> > But how could I get the proper "535 Incorrect authentication
> > data" ?
>
> If the expansion is forced to fail, authentication fails. I suspect you
> may have a syntax error or something similar.
Ok. Here is the debug (exim -d -bh <some_ip>):
-----------------------------------------
AUTH login
SMTP<< AUTH login
SMTP>> 334 VXNlcm5hbWU6
334 VXNlcm5hbWU6
aHJicmZy
SMTP>> 334 UGFzc3dvcmQ6
334 UGFzc3dvcmQ6
search_open: ldap "NULL"
search_find: file="NULL"
key="<some_key>" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=ldap key="<some_key>"
database lookup required for user="<some_user>" pass=<some_pass> <some_key>
LDAP parameters: user=<some_user> pass=<some_pass> size=0 time=0
perform_ldap_search: ldap URL ="<some_key>" server=127.0.0.1 port=390 sizelimit=0 timelimit=0
after ldap_url_parse: host=127.0.0.1 port=390
ldap_initialize with URL ldap://127.0.0.1:390/
initialized for LDAP server 127.0.0.1:390
LDAP_OPT_X_TLS_TRY set
binding with user=<some_user> password=<some_password>
Start search
search ended by ldap_result yielding 101
ldap_parse_result yielded 32: No such object
lookup failure forced
LDAP search failed - error 32: No such object
lookup failed
login authenticator:
$1 = hrbrfr
expansion failed: "lookup" failed and "fail" requested
SMTP>> 435 Unable to authenticate at present
435 Unable to authenticate at present
LOG: MAIN REJECT
Authentication failed for (A) [231.1.1.6]: 435 Unable to authenticate at present (set_id=hrbrfr): "lookup" failed and "fail" requested
-----------------------------------------
So, as you see, there is no syntax error.
> > Any ideas? Is there a way to distinguish between "not
> > found" lookup result, and "lookup failed" (server error for example)?
>
> Yes. "Not found" can be turned into a string of your choice, or cause
> the expansion to fail. Server error will provoke a temporary error.
Hmmm. Can you provide an example?
Bye. Alex.
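
Added example, not part of the original message and not Exim's own sample configuration: one way to write the authenticator so that "not found" becomes a string of your choice (here the empty string) while an empty password can never match it. The macro body keeps the LDAP query elided as "{...}" exactly as in the thread, and the layout comments are assumptions about where the lines sit in the configuration file.

```exim
# Main section (macro definition). "{...}" is the LDAP query, elided as in the thread.
# Not found -> empty string instead of "fail"; an LDAP server error is still
# a failed expansion, which the reply above says provokes a temporary error.
PASSWORD_LOOKUP = ${lookup ldap {...}{$value}{}}

# Authenticators section.
# Weak form: for an unknown account the lookup yields "", so an empty
# password compares equal and the login is accepted:
#   hide server_condition = ${if eq{$2}{PASSWORD_LOOKUP}{yes}{no}}

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  # Corrected form: reject an empty password first. "and" evaluates left to
  # right, so the lookup is not run when $2 is empty.
  hide server_condition = ${if and{{!eq{$2}{}}{eq{$2}{PASSWORD_LOOKUP}}}{yes}{no}}
  server_set_id = $1
```

With this condition an unknown account, a wrong password or an empty password all expand to "no", which is the case that should produce "535 Incorrect authentication data"; confirm the result with exim -d -bh as in the session above.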