On Tue, 24 Feb 2004, Torsten Schlabach wrote:
> along the lines of logging into the LDAP server with some kind of superuser
> then doing a lookup of the credentials and comparing the password. I was not
> really aware that the LDAP server offers authentication as a service. I also
> had to set some permissions in my LDAP server to make this work.
That would of course be possible, but it would require clear-text passwords
in the directory, something that many don't like ;-)
> Do you know what kind of LDAP objects this works for? What attributes does
> the LDAP server use to decide if it authorizes someone or not? (The question
> might be off-topic but I think it matters to a lot of people who are setting
> up Exim for LDAP auth.)
Well, normally it works for any object which has a userPassword attribute type
set, irrespective of the scheme used for encrypting that password. OpenLDAP
supports MD5, SHA, and plain text, for example.
> Also the "inner lookup" solved a problem that I found I had just when I got
> around the other one. I have instances of inetOrgPerson in my LDAP server.
> Their DN is not the username. But I understand I will be able to cope with
> that using the inner lookup in our example to search for the username and find
> the DN.
>
Pleased I could be of service :-)
-JP