My head's spinning from reading & trying ldap docs for authenticating
users via ldap. Nothing works for me, I suspect due to my
misunderstanding of the schema attributes that are required.
I am using this for LOGIN:
login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if ldapauth \
    {user=\"uid=${quote_ldap_dn:$1},ou=AU,ou=People,dc=example,dc=com\" \
    pass=${quote:$2} ldap://localhost/}{yes}{no}}"
  server_set_id = $1
& my ldap db has:
dc=example,dc=com
|
+----ou=People,dc=example,dc=com
     |
     +----ou=AU,ou=People,dc=example,dc=com
          |
          +-----uid=tnuro,ou=AU,ou=People,dc=example,dc=com
The attributes set in my user entry are:
dn: cn=Trevor Nuro,ou=AU,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
cn: Trevor Nuro
sn: Nuro
givenName: Trevor
mail: tnuro@???
structuralObjectClass: inetOrgPerson
uid: tnuro
userPassword:: bGludXg=
It always fails. In my schema, I have the 'uid' attribute set to my
login name, and userPassword, which I presume ldapauth checks against -
is this correct?
The doc for ldapauth says "The condition is true if the password is not
empty, and the user name and password are accepted by the LDAP server" -
how does the LDAP server accept/reject "the password"? How is the
password expected to be encrypted?
I'm trying to set up exim+cyrus to authenticate via LDAP, and I don't
want to use local accounts.
thanks!
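Added example (editor's note, not part of the original post, and not Exim or OpenLDAP code): a small Python model of what happens on both sides of the ldapauth condition above, using the posted entry as constructed sample data. Exim's ldapauth performs an LDAP simple bind with the DN it built from $1 and the cleartext password from $2. The server looks up the entry at exactly that DN and compares the bind password with the entry's userPassword value, hashing the candidate first if the stored value carries a scheme prefix such as {SSHA}; a value with no prefix is compared as cleartext. The client encrypts nothing, which is why a bind over plain ldap:// is only reasonable on localhost and ldaps:// or STARTTLS belongs anywhere else. The "::" in the LDIF means the value is base64, so bGludXg= is the cleartext password "linux". The model also makes the DN question visible: an entry whose DN starts with cn= cannot be found by a bind that names uid=tnuro,... . The quote_ldap_dn function, the {SSHA} routine and the bind resolution here are my own simplified stand-ins for the real implementations, and the lower-casing of DNs is a simplification of LDAP DN matching.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample: the entry from the post (DN keyed on cn), and the same
# entry with its DN keyed on uid, which is what the server_condition binds as.
ENTRY_CN_DN = """\
dn: cn=Trevor Nuro,ou=AU,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Trevor Nuro
sn: Nuro
uid: tnuro
userPassword:: bGludXg=
"""
ENTRY_UID_DN = ENTRY_CN_DN.replace("dn: cn=Trevor Nuro,", "dn: uid=tnuro,")
BASE = "ou=AU,ou=People,dc=example,dc=com"   # the base DN used in the post


def parse_ldif(text):
    """Parse one LDIF entry into {attr: [values]}; 'attr::' marks a base64 value."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, rest = line.split(":", 1)
        if rest.startswith(":"):   # so 'userPassword:: bGludXg=' is cleartext 'linux'
            value = base64.b64decode(rest[1:].strip()).decode()
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entry


def build_directory(ldif_entries):
    """Index entries by (case-folded) DN, which is how a bind DN is resolved."""
    return {e["dn"][0].lower(): e for e in map(parse_ldif, ldif_entries)}


def quote_ldap_dn(value):
    """RFC 4514-style escaping for a value used inside a DN. This is my own
    stand-in for Exim's ${quote_ldap_dn:...}, not Exim's implementation."""
    last = len(value) - 1
    return "".join(
        "\\" + ch if ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == last and ch == " ")
        else ch
        for i, ch in enumerate(value))


def make_ssha(password, salt=None):
    """OpenLDAP-style {SSHA} storage: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password.encode() + salt).digest() + salt).decode()


def verify_userpassword(stored, candidate):
    """What the server does with the bind password: hash it according to the
    scheme prefix of the stored value and compare; no prefix means cleartext."""
    cand = candidate.encode()
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])   # 20-byte SHA-1 digest followed by the salt
        return hmac.compare_digest(hashlib.sha1(cand + raw[20:]).digest(), raw[:20])
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(hashlib.sha1(cand).digest(), base64.b64decode(stored[5:]))
    return hmac.compare_digest(stored.encode(), cand)


def simple_bind(directory, bind_dn, password):
    """Simulated LDAP simple bind: an entry must exist at exactly this DN and
    the password must verify against one of its userPassword values. An empty
    password would be an anonymous bind, which is why Exim's ldapauth also
    insists that the password is non-empty."""
    if not password:
        return False
    entry = directory.get(bind_dn.lower())
    if entry is None:   # no entry with that DN: the server answers invalidCredentials
        return False
    return any(verify_userpassword(v, password) for v in entry.get("userPassword", []))


def exim_ldapauth(auth1, auth2, directory):
    """The post's server_condition: build 'uid=<$1>,<base>' and bind with $2."""
    return simple_bind(directory, f"uid={quote_ldap_dn(auth1)},{BASE}", auth2)


if __name__ == "__main__":
    print(exim_ldapauth("tnuro", "linux", build_directory([ENTRY_CN_DN])))   # False: no entry at uid=tnuro,...
    print(exim_ldapauth("tnuro", "linux", build_directory([ENTRY_UID_DN])))  # True
    hashed = ENTRY_UID_DN.replace("userPassword:: bGludXg=", "userPassword: " + make_ssha("linux"))
    print(exim_ldapauth("tnuro", "linux", build_directory([hashed])))        # True: the server hashes and compares
```

The same check can be made against the real server with ldapwhoami from the OpenLDAP client tools, binding as the exact DN of the entry with -D and the cleartext password with -w; if that bind fails, Exim's ldapauth will fail too, independent of anything in the authenticator.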