Re: [exim] SMTP-Auth via LDAP error

Author: Stephen Gran
Date:  
To: exim-users
Subject: Re: [exim] SMTP-Auth via LDAP error
On Fri, Oct 28, 2005 at 10:45:52AM +0200, Torben Janssen said:
> Hi,
>
> I am using LDAP to authenticate Users for SMTP-Auth. My exim.conf looks
> like this:
>
> plain:
> driver = plaintext
> public_name = PLAIN
> server_prompts = :
> server_condition = ${if ldapauth
> {user="uid=${quote_ldap_dn:$1},ou=users,dc=keineahnung,dc=org"
> pass=${quote:$2} ldap://localhost/}{yes}{no}}
> server_set_id = $2


The username is stored in $2 and the password in $3 for plain auth -
you've got it right in the server_set_id bit, but wrong in the actual
LDAP query.

> ----------------------------------------------------------------------------------------------------------------------------------------------------------
>
> When I am sending Mails via Thunderbird the logfiles show me some errors:
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------
> ==> /var/log/messages <==
> Oct 28 10:30:25 slapd[7680]: conn=25 fd=15 ACCEPT from IP=127.0.0.1:60714 (IP=0.0.0.0:389)
> Oct 28 10:30:25 slapd[2516]: bind: invalid dn (uid=,ou=users,dc=keineahnung,dc=org)

                                                 ^^^^
This is the result.


> Oct 28 10:30:25 slapd[2516]: conn=25 op=0 RESULT tag=97 err=34 text=invalid DN
> Oct 28 10:30:25 slapd[29408]: conn=25 op=1 BIND dn="uid=torben,ou=users,dc=keineahnung,dc=org" method=128
> Oct 28 10:30:25 slapd[29408]: conn=25 op=1 BIND dn="uid=torben,ou=users,dc=keineahnung,dc=org" mech=SIMPLE ssf=0
> Oct 28 10:30:25 slapd[29408]: conn=25 op=1 RESULT tag=97 err=0 text=
> Oct 28 10:30:25 slapd[7840]: conn=25 op=2 UNBIND
>
> So my question is if exim only tries all authenticators and some can
> fail or if this is a bad configuration? When I enter a bad password
> relaying is denied. Since I do not want to be an open relay I am a bit
> worried.


Presumably Thunderbird tried both mechanisms. Nothing to worry about.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | He who knows others is wise. He who     |
|  steve@???             | knows himself is enlightened.   -- Lao  |
|  http://www.lobefin.net/~steve | Tsu                                     |

--------------------------------------------------------------------------
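
Why the posted query produced the `uid=,ou=users,...` bind seen in the slapd log, shown as an added example that is not part of the original thread: a SASL PLAIN response carries three NUL-separated fields (authorization id, username, password), which Exim's plaintext authenticator exposes in order as $1, $2 and $3. The sample credentials, the helper names and the simplified RFC 4514 escaping (a stand-in for `quote_ldap_dn`) are assumptions made for the illustration.

```python
import base64

BASE_DN = "ou=users,dc=keineahnung,dc=org"  # base DN taken from the posted config

def parse_plain(b64_response):
    """Split a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN response must contain exactly three fields")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    # Exim's plaintext authenticator numbers the fields in order: $1, $2, $3.
    return {"$1": authzid, "$2": authcid, "$3": passwd}

def escape_dn_value(value):
    """Simplified RFC 4514 escaping of a DN attribute value (hypothetical helper)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def bind_request(fields, user_var, pass_var):
    """Return (bind DN, bind password) for the chosen variable mapping."""
    dn = "uid=%s,%s" % (escape_dn_value(fields[user_var]), BASE_DN)
    return dn, fields[pass_var]

# Constructed sample: user "torben", password "s3cret", empty authorization id
# (most mail clients leave the first field empty).
SAMPLE = base64.b64encode(b"\x00torben\x00s3cret").decode("ascii")

if __name__ == "__main__":
    f = parse_plain(SAMPLE)
    # Mapping as posted ($1 / $2): empty uid, and the username is sent as password.
    print("as posted :", bind_request(f, "$1", "$2"))
    # Mapping described in the reply ($2 / $3).
    print("per reply :", bind_request(f, "$2", "$3"))
```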