[Exim] LDAP Lookup

Author: Stephen Gran
Date:  
To: exim-users
Subject: [Exim] LDAP Lookup
Hello all,

I am using an LDAP lookup for authenticating my users for smtp auth, but
I am not happy with the way I am doing it.

This is my current lookup:
ldap_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${lookup ldap{user=uid=$1,ou=People,dc=mail,dc=lobefin,dc=net pass=$2 ldap://localhost/ou=People,dc=mail,dc=lobefin,dc=net?uid?sub?(uid=$1)}{yes}fail}"
  server_set_id = $1

(Sorry for the bad wrap)

Basically, it tries to bind to the LDAP server with uid and password,
and should return fail if it can't bind, but this is what I get instead:

steve@hadrian:~$ telnet mercury 25
Trying 216.158.52.98...
Connected to mail.lobefin.net.
Escape character is '^]'.
220 mail.lobefin.net ESMTP Exim 4.30 Wed, 14 Jan 2004 14:16:48 -0500
ehlo www.lobefin.net
250-mail.lobefin.net Hello steve at www.lobefin.net [216.158.52.108]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
auth login
334 [...]
[...]
435 Unable to authenticate at present

And I get this in the logs:
2004-01-14 14:16:58 ldap_login authenticator failed for www.lobefin.net [216.158.52.108] U=steve: 435 Unable to authenticate at present: lookup of "user=uid=[...],ou=People,dc=mail,dc=lobefin,dc=net pass=[...] ldap://localhost/ou=People,dc=mail,dc=lobefin,dc=net?uid?sub?(uid=[...])" gave DEFER: failed to bind the LDAP connection to server localhost:389 - LDAP error 49: Invalid credentials

As opposed to the expected:
ehlo www.lobefin.net
250-mail.lobefin.net Hello steve at www.lobefin.net [216.158.52.108]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
auth plain
334
[...]
535 Incorrect authentication data

with this in the logs:
2004-01-14 14:24:18 plain_server authenticator failed for www.lobefin.net [216.158.52.108] U=steve: 535 Incorrect authentication data

Can someone point me to a better $lookup{...} that will return 5xx for a
failed lookup? I haven't seen one yet, so I'm sorry if I've missed the
obvious.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | The moving cursor writes, and having    |
|  steve@???             | written, blinks on.                     |
|  http://www.lobefin.net/~steve |                                         |

--------------------------------------------------------------------------
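
The 435 above arises because the rejected bind is reported as a lookup DEFER rather than a lookup failure. As an added example (not part of the original message, and not the poster's configuration), the authenticator below uses Exim's `ldapauth` expansion condition instead; it assumes an Exim build with LDAP support that provides `ldapauth` and the `quote_ldap_dn` operator, and it reuses the server and base DN from the post.

```exim
# Added example, not from the original post.
# Assumption: this Exim build has LDAP support with the ldapauth condition
# and the quote_ldap_dn operator available.
ldap_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"

  # ldapauth only attempts a bind with the given user and pass, and is true
  # or false depending on whether the bind succeeds. A rejected bind
  # (LDAP error 49, invalid credentials) makes the condition false, so the
  # client gets "535 Incorrect authentication data" instead of a deferred
  # lookup and "435 Unable to authenticate at present".
  #
  # The two !eq{}{...} guards reject an empty username (LDAP does not allow
  # an empty DN component) and an empty password (a bind with a DN and no
  # password is an unauthenticated bind, which a server may accept).
  #
  # quote_ldap_dn escapes the client-supplied username before it is placed
  # in the bind DN; quote protects the password from being split on spaces.
  server_condition = ${if and{ \
      {!eq{}{$1}} \
      {!eq{}{$2}} \
      {ldapauth{user="uid=${quote_ldap_dn:$1},ou=People,dc=mail,dc=lobefin,dc=net" \
                pass=${quote:$2} \
                ldap://localhost/}} \
    }{yes}{no}}

  server_set_id = $1
```

A failure to reach the LDAP server still defers; only a refused bind turns into a 535.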