Tim Tassonis wrote:
> So, in the authentication phase, Exim would try to bind to the LDAP server
> by:
> - Looking up the dn based on the submitted userid, timtas
> - Bind with the dn and the submitted password.
Check the docs for ldapauth expansion-condition. And use set_id to set
the authenticated_id to the mail address you want to verify.
> When the client sends the MAIL FROM: header, Exim would already know the
> authenticated userid and would then lookup the entry using the filter
> (&(uid=$AUTHENTICATED_USERID)(mail=$ADDRESS_IN_MAIL_FROM_HEADER))
Use an acl-condition like this in your data-acl.
    deny
      authenticated = *
      condition = ${if !eq {${address:$h_from:}}\
                       {$authenticated_id}{1}}
> Can this be done?
Yes.
Nico
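
The setup discussed in this thread, as an added example that is not part of Nico's reply or of any shipped Exim configuration: a PLAIN authenticator that binds with ldapauth and sets $authenticated_id, and a MAIL-time ACL that checks the envelope sender with the filter Tim describes. The host ldap.example.com, the base ou=people,dc=example,dc=com, the direct uid-to-DN mapping and the names acl_check_mail and ldap_plain are assumptions.

```exim
# Added example. ldap.example.com and ou=people,dc=example,dc=com are
# placeholders; the uid-to-DN mapping is an assumption about the directory.

# ---- main section ----
acl_smtp_mail = acl_check_mail

# ---- ACL section ----
acl_check_mail:
  # Authenticated clients may only use an envelope sender that the directory
  # lists in a mail attribute of their own entry. quote_ldap escapes filter
  # metacharacters such as * ( ) \ in both client-supplied values.
  deny
    message = sender address is not registered for this login
    authenticated = *
    # Skip the directory query for the empty (bounce) sender.
    condition = ${if !eq{$sender_address}{}}
    condition = ${lookup ldap{ldap://ldap.example.com/\
                  ou=people,dc=example,dc=com?mail?sub?\
                  (&(uid=${quote_ldap:$authenticated_id})\
                  (mail=${quote_ldap:$sender_address}))}{no}{yes}}
  accept

# ---- authenticators section ----
ldap_plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # PLAIN carries the password in clear, so offer it only over TLS.
  server_advertise_condition = ${if def:tls_in_cipher}
  # Bind as the user. quote_ldap_dn escapes DN metacharacters in the login.
  server_condition = ${if and{ \
      { !eq{$auth2}{} } \
      { ldapauth{user="uid=${quote_ldap_dn:$auth2},ou=people,dc=example,dc=com" \
                 pass=${quote:$auth3} \
                 ldap://ldap.example.com/} } \
    }}
  server_set_id = $auth2
```

Without the quote_ldap and quote_ldap_dn operators, a login name or sender address containing filter or DN metacharacters would be interpreted by the LDAP server as part of the query rather than as a literal value.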