Re: [Exim] Concept of LDAP usage

Author: Jan-Piet Mens
Date:  
To: Torsten Schlabach
CC: exim-users
Subject: Re: [Exim] Concept of LDAP usage
On Tue, 24 Feb 2004, Torsten Schlabach wrote:

> along the lines of logging into the LDAP server with some kind of superuser
> then doing a lookup of the credentials and comparing the password. I was not
> really aware that the LDAP server offers authentication as a service. I also
> had to set some permissions in my LDAP server to make this work.


That would of course be possible, but it would require clear-text passwords
in the directory, something that many don't like ;-)

> Do you know what kind of LDAP objects this works for? What attributes does
> the LDAP server use to decide if it authorizes someone or not? (The question
> might be off-topic but I think it matters to a lot of people who are setting
> up Exim for LDAP auth.)


Well, normally it works for any object which has a userPassword attribute type
set, irrespective of the scheme used for encrypting that password. OpenLDAP
supports MD5, SHA, and plain text, for example.

> Also the "inner lookup" solved a problem that I found I had just when I got
> around the other one. I have instances of inetOrgPerson in my LDAP server.
> Their DN is not the username. But I understand I will be able to cope with
> that using the inner lookup in our example to search for the username and
> find the DN.
>


Pleased I could be of service :-)

    -JP
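
The flow discussed in this thread, as an added example that is not part of the original message: an inner lookup maps the username to a DN, then a bind-style check compares the presented password according to whatever scheme the stored userPassword uses. The entries, names and passwords are constructed, and the in-memory `DIRECTORY` is an assumption standing in for a real LDAP server.

```python
import base64
import hashlib
import hmac

def _stored(scheme, digest):
    """Build a userPassword value of the form {SCHEME}base64(digest)."""
    return "{%s}%s" % (scheme, base64.b64encode(digest).decode())

# Constructed sample directory (DN -> attributes); all values are made up.
DIRECTORY = {
    "cn=Alice Example,ou=people,dc=example,dc=org": {
        "uid": "alice",
        "userPassword": _stored("SHA", hashlib.sha1(b"wonderland").digest()),
    },
    "cn=Bob Example,ou=people,dc=example,dc=org": {
        "uid": "bob",
        "userPassword": _stored("MD5", hashlib.md5(b"builder").digest()),
    },
    "cn=Carol Example,ou=people,dc=example,dc=org": {
        "uid": "carol",
        "userPassword": "plain-secret",  # no scheme prefix: plain text
    },
}
HASHES = {"SHA": hashlib.sha1, "MD5": hashlib.md5}

def find_dn(username):
    """Inner lookup: search on uid and return the entry's DN, or None."""
    for dn, attrs in DIRECTORY.items():
        if attrs["uid"] == username:
            return dn
    return None

def simple_bind(dn, password):
    """Server-side check on bind: compare according to the stored scheme."""
    entry = DIRECTORY.get(dn)
    # Reject empty passwords: a real simple bind with one is treated as anonymous.
    if entry is None or not password:
        return False
    stored, presented = entry["userPassword"], password.encode()
    if stored.startswith("{") and "}" in stored:
        scheme, _, b64 = stored[1:].partition("}")
        hash_fn = HASHES.get(scheme.upper())
        if hash_fn is None:
            return False  # unknown scheme: fail closed
        return hmac.compare_digest(hash_fn(presented).digest(), base64.b64decode(b64))
    return hmac.compare_digest(presented, stored.encode())

def authenticate(username, password):
    """Username -> DN via the inner lookup, then the bind-style check."""
    dn = find_dn(username)
    return dn is not None and simple_bind(dn, password)
```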