Re: [Exim] ldapauth schema

Author: TN
Date:  
To: Thomas Hager
CC: Exim Users Mailing List
Subject: Re: [Exim] ldapauth schema
Ding Ding Ding!

OIC said the blind man......Thanks Tom. I was missing the point about
dn, as you've said. I thought I could just search based on any attribute
unique within one of my ou's.

thanks a lot, you've connected the dots for me.

ciao!
-Trevor.




Thomas Hager wrote:

>>It always fails. In my schema, I have the 'uid' attribute set to my
>>login name, and userPassword, which I presume ldapauth checks against -
>>is this correct ?
>>
>>
>no.
>clients authenticate to an ldap server with DN and password. uid is
>merely an attribute of your ldap entry. the DN is important, it
>identifies a single entry in the ldap directory. the user="" option in
>your exim authenticator must match the entry's dn you want to
>authenticate.
>
>in your example, the user's DN is
>"cn=Trevor Nuro,ou=AU,ou=People,dc=example,dc=com",
>whereas your exim authenticator's user option expands to
>"uid=tnuro,ou=AU,ou=People,dc=example,dc=com". (if you auth with
>"tnuro")
>
>i guess, that there's no entry in your ldap db with the DN
>"uid=tnuro,ou=AU,ou=People,dc=example,dc=com", thus authentication
>fails.
>
>change your ldap entry's DN to
>"uid=tnuro,ou=AU,ou=People,dc=example,dc=com" and ldap authentication
>should succeed. try to authenticate with one of the ldap utils first.
>
>
>
>>The doc for ldapauth says "The condition is true if the password is not
>>empty, and the user name and password are accepted by the LDAP server" -
>>how does the ldap server accept/reject "the password" ? How is the
>>password expected to be encrypted ?
>>
>>
>see above.
>btw, ldap traffic is not encrypted by default, so sniffing on port 389
>with ethereal gives valuable debugging information.
>
>hth,
>tom.
>
>--
>Thomas "Duke" Hager                       {duke,hager}@???
>GPG: 1024D/D27F858C            http://www.sigsegv.at/gpg/duke.gpg
>=================================================================
>"Never Underestimate the Power of Stupid People in Large Groups."

>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
>
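Added example, not part of the original thread and not Exim's own code: a small Python model of the LDAP simple bind discussed above, showing why the fixed `uid=` template fails against an entry named by `cn=`. It goes slightly beyond the thread by also showing the search-then-bind alternative; the directory contents, the password and all function names are constructed for illustration.

```python
import hmac

# Constructed sample directory (DN -> attributes); the password is a demo value.
DIRECTORY = {
    "cn=Trevor Nuro,ou=AU,ou=People,dc=example,dc=com":
        {"uid": "tnuro", "userPassword": "s3cret-demo"},
}
# Simplification: DNs are compared case-insensitively as whole strings.
_BY_DN = {dn.lower(): attrs for dn, attrs in DIRECTORY.items()}


def escape_rdn_value(value):
    """Escape a login name for use inside a DN (RFC 4514 special characters)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or edge_space:
            out.append("\\")
        out.append(ch)
    return "".join(out)


def simple_bind(dn, password):
    """Model of an LDAP simple bind: succeeds only for an existing DN."""
    if not password:
        # A DN with an empty password is an unauthenticated bind (RFC 4513),
        # which is why ldapauth insists on a non-empty password.
        return False
    entry = _BY_DN.get(dn.lower())
    if entry is None:
        return False  # no entry with this DN, whatever its uid attribute says
    return hmac.compare_digest(entry["userPassword"].encode(), password.encode())


def template_bind(login, password):
    """The failing setup: the login is pasted into a fixed uid=... DN."""
    dn = "uid=%s,ou=AU,ou=People,dc=example,dc=com" % escape_rdn_value(login)
    return simple_bind(dn, password)


def search_then_bind(login, password, base="ou=People,dc=example,dc=com"):
    """Resolve the DN from the uid attribute first, then bind as that DN."""
    hits = [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + base.lower()) and attrs["uid"] == login]
    if len(hits) != 1:
        return False  # unknown or ambiguous login: refuse rather than guess
    return simple_bind(hits[0], password)
```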