[Exim] ldapauth schema

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: TN
Dátum:  
Címzett: Exim Users Mailing List
Tárgy: [Exim] ldapauth schema
My head's spinning from reading & trying ldap docs for authenticating
users via ldap. Nothing works for me, I suspect due to my
misunderstanding of the schema attributes that are required.

I am using this for LOGIN:
login_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if ldapauth
{user=\"uid=${quote_ldap_dn:$1},ou=AU,ou=People,dc=example,dc=com\"
pass=${quote:$2} ldap://localhost/}{yes}{no}}"
server_set_id = $1

& my ldap db has:

dc=example,dc=com
|
+----ou=People,dc=example,dc=com
        |
        |
        +----ou=AU,ou=People,dc=example,dc=com
             |
             |
             +-----uid=tnuro,ou=AU,ou=People,dc=example,dc=com


The attributes set in my user entry is:
dn: cn=Trevor Nuro,ou=AU,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
cn: Trevor Nuro
sn: Nuro
givenName: Trevor
mail: tnuro@???
structuralObjectClass: inetOrgPerson
uid: tnuro
userPassword:: bGludXg=


It always fails. In my schema, I have the 'uid' attribute set to my
login name, and userPassword, which I presume ldapauth checks against -
is this correct ?


The doc for ldapauth says "The condition is true if the password is not
empty, and the user name and password are accepted by the LDAP server" -
how does the ldap server accept/reject "the password" ? How is the
password expected to be encrypted ?

I'm trying to setup exim+cyrus to authenticate via ldap, and I don't
want to use local accounts.

thanks!