Re: [exim] LDAP/SMTP AUTH fun and games

Author: Jan-Piet Mens
Date:  
To: Mark Lowes
CC: Exim Users
Subject: Re: [exim] LDAP/SMTP AUTH fun and games
On Fri Dec 10 2004 at 13:21:53 CET, Mark Lowes wrote:

> I'm trying to get smtpauth working with ldap using the email address
> stored in ldap ("mail") as the username, I thought the following should
> work

...

Your directory appears to have distinguished names of the form
"cn=Username,o=mistral,c=uk" and NOT "mail=joe@email,o=mistral,c=uk".

It would appear that you'd need to SEARCH for the mail attribute
type (it is indexed, I hope?) in order to then bind to the directory.

Something like this may help:

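plain:
   driver = plaintext
   public_name = PLAIN
   # $2 is the user name the client sent (here the mail address), $3 the password.
   # Step 1 (inner ldapdn lookup): search for the entry whose mail attribute
   #   matches $2 and return its DN.
   # Step 2 (outer ldap lookup): bind as that DN with the supplied password and
   #   search on mail again; the lookup succeeds only if the bind does.
   # The password goes through ${quote:...} so that spaces or quote characters
   # in it cannot break the user=/pass= parsing.
   server_condition = \
        ${\
           lookup ldap { \
               user="${lookup ldapdn {ldap:///BASEDN?dn?sub?(mail=${quote_ldap:$2})}}" \
               pass=${quote:$3} \
               ldap:///BASEDN?mail?sub?(mail=${quote_ldap:$2}) \
         }{yes}fail \
    }
   server_set_id = $2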


where BASEDN is set to "o=mistral,c=uk". Note the DN of the person's entry is
being looked up first.

Regards,
    -JP
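
The search-then-bind flow described in the message above, modelled in Python as an added example (not part of the original post and not Exim's code). The directory entries, passwords and function names are constructed for illustration; it shows what filter quoting protects against and why an empty password has to be refused before the bind.

```python
import re

# Constructed sample directory: DN -> attributes (all values are made up).
DIRECTORY = {
    "cn=Joe Bloggs,o=mistral,c=uk": {"mail": "joe@example.org", "userPassword": "s3cret"},
    "cn=Ann Other,o=mistral,c=uk": {"mail": "ann@example.org", "userPassword": "hunter2"},
}

def quote_ldap(value):
    """Escape the RFC 4515 filter metacharacters (star, parentheses,
    backslash, NUL) as a backslash followed by two hex digits."""
    return re.sub(r'[*()\\\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def search_dn_by_mail(assertion):
    """Toy matcher for the filter (mail=<assertion>); returns the matching DNs.
    Only equality and the bare '*' presence test are modelled."""
    if assertion == "*":                      # unescaped '*' matches every entry
        return list(DIRECTORY)
    literal = re.sub(r'\\([0-9a-fA-F]{2})',
                     lambda m: chr(int(m.group(1), 16)), assertion)
    return [dn for dn, entry in DIRECTORY.items()
            if entry["mail"].lower() == literal.lower()]

def simple_bind(dn, password):
    """Model of an LDAP simple bind. A DN with an empty password is an
    'unauthenticated bind' (RFC 4513, 5.1.2), which servers may accept."""
    if dn not in DIRECTORY:
        return False
    if password == "":
        return True       # the server reports success, yet nobody was verified
    return DIRECTORY[dn]["userPassword"] == password

def authenticate(mail, password):
    """Step 1: find the DN by mail. Step 2: bind as that DN."""
    if not mail or not password:              # refuse before any bind is tried
        return False
    dns = search_dn_by_mail(quote_ldap(mail))
    if len(dns) != 1:                         # no entry, or an ambiguous match
        return False
    return simple_bind(dns[0], password)
```
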