Re: [Exim] Recipient checking: LDAP

Author: Oliver Eikemeier
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] Recipient checking: LDAP
Sheldon Hearn wrote:

> Now, SMTP AUTH authentication in Exim. The following works nicely for
> me:
>
> login:
>   driver = plaintext
>   public_name = LOGIN
>   server_prompts = Username:: : Password::
>   server_condition = \
>     ${if \
>       ldapauth { \
>         user="cn=${quote_ldap:$1},ou=people,dc=clue,dc=bz" \
>         pass="${quote_ldap:$2}" \
>         ldap:/// \
>       } \
>       {yes} {no} \
>     }
>   server_set_id = $1
>
> I'm abusing cn (Common Name), I know. I'll eventually use two lookups,
> one binding as cn=Manager with known password to get the right dn from
> mail, then another using that dn.


How about:
server_condition = ${if saslauthd{{$1}{$2}}{yes}{no}}
which gives you connection caching, too :)

> So now I just need to get my head around SPA so that Outlook users can
> also use SMTP AUTH. I plan to replace my pop-before-smtp implementation
> with authenticated relay only.
>
> Anyone got a clean way to test SPA without an Outlook client?


The problem with SPA is that you need cleartext passwords in the database.
Perhaps PLAIN+TLS is an alternative?
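
The PLAIN+TLS alternative suggested above, combined with the saslauthd condition, could look like the following. This is an added example, not configuration from either poster. It assumes an Exim build with saslauthd support, placeholder certificate paths, and the newer variable names `$auth1`..`$auth3` and `$tls_in_cipher` (the thread uses the older `$1`, `$2` form).

```conf
# Main configuration section (added example; certificate paths are placeholders)
tls_advertise_hosts = *
tls_certificate = /path/to/exim.crt
tls_privatekey  = /path/to/exim.key

# Advertise AUTH only once the session is encrypted, so PLAIN/LOGIN
# credentials are never sent over an unencrypted connection.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

begin authenticators

# PLAIN sends authzid, authcid and password in a single response:
#   $auth1 = authzid (usually empty), $auth2 = user, $auth3 = password
plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if saslauthd{{$auth2}{$auth3}}{yes}{no}}
  server_set_id = $auth2

# LOGIN prompts for each value separately:
#   $auth1 = user, $auth2 = password
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = ${if saslauthd{{$auth1}{$auth2}}{yes}{no}}
  server_set_id = $auth1
```

Because saslauthd performs the verification by binding or comparing against a hash, the directory does not need to hold cleartext passwords, which is the constraint SPA imposes.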