Re: [Exim] Exim and LDAP Authentication

Author: Nico Erfurth
Date:  
To: Tim Tassonis
CC: exim-users
Subject: Re: [Exim] Exim and LDAP Authentication
Tim Tassonis wrote:

> So, in the authentication phase, Exim would try to bind to the LDAP server
> by:
> - Looking up the dn based on the submitted userid, timtas
> - Bind with the dn and the submitted password.


Check the docs for the ldapauth expansion condition, and use set_id to set
the authenticated_id to the mail address you want to verify.

> When the client sends the MAIL FROM: header, Exim would already know the
> authenticated userid and would then lookup the entry using the filter
> (&(uid=$AUTHENTICATED_USERID)(mail=$ADDRESS_IN_MAIL_FROM_HEADER))


Use an acl-condition like this in your data-acl.

deny
      authenticated = *
      condition = ${if !eq {${address:$h_from:}}\
                           {$authenticated_id}{1}}


> Can this be done?


Yes.

Nico
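
An added example, not part of Nico's message or the Exim distribution: the two pieces discussed above side by side, using the $auth1/$auth2 variables of current Exim releases. It builds the bind DN directly from the username instead of searching for it first; the LDAP host, base DN, uid/mail attributes and anonymous read access to the mail attribute are assumptions.

```exim
# Constructed example. ldap.example.com and ou=people,dc=example,dc=com are
# placeholders for your own directory.

# --- in the authenticators section ---
ldap_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  # Bind as the user's DN with the submitted password. quote_ldap_dn keeps a
  # crafted username from altering the DN. ldapauth rejects an empty password
  # itself, because LDAP treats an empty-password bind as anonymous.
  server_condition = ${if and{{ \
    !eq{}{$auth1} }{ \
    ldapauth{\
      user="uid=${quote_ldap_dn:$auth1},ou=people,dc=example,dc=com" \
      pass=${quote:$auth2} \
      ldap://ldap.example.com/} }} }
  # Store the user's mail attribute as $authenticated_id. quote_ldap escapes
  # filter metacharacters in the username. Assumes the directory allows an
  # anonymous search for this attribute.
  server_set_id = ${lookup ldap{\
    ldap://ldap.example.com/ou=people,dc=example,dc=com?mail?sub?\
    (uid=${quote_ldap:$auth1})}}

# --- in the acl section, in the ACL named by acl_smtp_data ---
acl_check_data:
  deny
    authenticated = *
    message = From: header does not match the authenticated account
    # eqi compares case-insensitively, since the case stored in LDAP may
    # differ from what the mail client writes; use eq for an exact match.
    condition = ${if !eqi{${address:$h_from:}}{$authenticated_id}}
  accept
```

Because the deny verb carries "authenticated = *", unauthenticated sessions skip it and reach the final accept, so relay control still has to be enforced in the RCPT ACL.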