Hello all,
I am using an LDAP lookup for authenticating my users for smtp auth, but
I am not happy with the way I am doing it.
This is my current lookup:
ldap_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${lookup ldap{user=uid=$1,ou=People,dc=mail,dc=lobefin,dc=net pass=$2 ldap://localhost/ou=People,dc=mail,dc=lobefin,dc=net?uid?sub?(uid=$1)}{yes}fail}"
  server_set_id = $1
(Sorry for the bad wrap)
Basically, it tries to bind to the LDAP server with uid and password,
and should return fail if it can't bind, but this is what I get instead:
steve@hadrian:~$ telnet mercury 25
Trying 216.158.52.98...
Connected to mail.lobefin.net.
Escape character is '^]'.
220 mail.lobefin.net ESMTP Exim 4.30 Wed, 14 Jan 2004 14:16:48 -0500
ehlo www.lobefin.net
250-mail.lobefin.net Hello steve at www.lobefin.net [216.158.52.108]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
auth login
334 [...]
[...]
435 Unable to authenticate at present
And I get this in the logs:
2004-01-14 14:16:58 ldap_login authenticator failed for www.lobefin.net [216.158.52.108] U=steve: 435 Unable to authenticate at present: lookup of "user=uid=[...],ou=People,dc=mail,dc=lobefin,dc=net pass=[...] ldap://localhost/ou=People,dc=mail,dc=lobefin,dc=net?uid?sub?(uid=[...])" gave DEFER: failed to bind the LDAP connection to server localhost:389 - LDAP error 49: Invalid credentials
As opposed to the expected:
ehlo www.lobefin.net
250-mail.lobefin.net Hello steve at www.lobefin.net [216.158.52.108]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
auth plain
334
[...]
535 Incorrect authentication data
with this in the logs:
2004-01-14 14:24:18 plain_server authenticator failed for www.lobefin.net [216.158.52.108] U=steve: 535 Incorrect authentication data
Can someone point me to a better $lookup{...} that will return 5xx for a
failed lookup? I haven't seen one yet, so I'm sorry if I've missed the
obvious.
--
--------------------------------------------------------------------------
| Stephen Gran | The moving cursor writes, and having |
| steve@??? | written, blinks on. |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
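
One way to get a 535 for a wrong password, as an added example that is not part of the original post: Exim's `ldapauth` expansion condition only performs the bind and evaluates to false, rather than deferring, when the directory rejects the credentials. The DN and server are the ones from the post; the `${quote_ldap_dn:...}` and `${quote:...}` quoting and the empty-value guards are additions, and their availability in the Exim release in use is an assumption.

```exim
ldap_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # Added example, not the poster's configuration.
  # Refuse empty values first: an empty user gives an invalid DN, and a bind
  # with a DN but an empty password can be accepted by the directory as an
  # unauthenticated bind.
  # quote_ldap_dn keeps characters in the user name from altering the DN.
  # ldapauth is true when the bind succeeds and false on invalid credentials,
  # so a bad password becomes "535 Incorrect authentication data".
  server_condition = ${if and{{ \
      !eq{$1}{} }{ \
      !eq{$2}{} }{ \
      ldapauth{user="uid=${quote_ldap_dn:$1},ou=People,dc=mail,dc=lobefin,dc=net" \
               pass=${quote:$2} \
               ldap://localhost/} }} {yes}{no}}
  server_set_id = $1
```

Since the EHLO response advertises AUTH LOGIN before STARTTLS is used, the password is exposed on the wire unless the authenticator is only offered on encrypted connections.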