On Tue, 2005-11-29 at 19:05 +0100, Patrice wrote:
> I have set up my authenticator like that from the exim wiki
>
> plain_server:
>   driver = plaintext
>   server_advertise_condition = ${if match{$sender_host_address}{\N^10\.0\.0\.\d{1,3}\N}{0}{1}}
>   public_name = PLAIN
>   server_condition = ${if ldapauth \
>     {user="uid=${quote_ldap_dn:$2},ou=people,o=mydomain.com" \
>     pass=${quote:$3} \
>     ldap://LDAPSERVER:389/}{yes}{no}}
>   server_set_id = $2
>   server_prompts = :
>
> all is working fine until my users are under ou=people
>
> what solution can I use to authenticate users not under ou=people?

you need to do a search for the correct DN first. here's our
definition:

  # $2 is used in a search filter here, so it is quoted with quote_ldap;
  # quote_ldap_dn is for values that become part of a DN
  server_condition = \
    ${if ldapauth \
      {user=${lookup ldapdn \
        {LDAP_BASE?dn?one?uid=${quote_ldap:$2}}} \
      pass=${quote:$3} \
      ldaps://LDAP_SERVER}{yes}{no}}

we need this since our RDN looks like "uniquemember=59104" which makes
it impossible to generate it from the username. in your case, you'll
probably need to adjust the scope to "sub".
--
Kjetil T.
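
The two configurations in this thread put the login name into different LDAP contexts: a DN built from a template, and a search filter used to find the DN. The following is an added example, not part of either message, showing in Python why each context needs its own escaping. The function names are hypothetical, the inputs are constructed, and the URL quoting that Exim's quote_ldap and quote_ldap_dn apply on top is left out.

```python
# Added example (not from the thread). Function names are hypothetical and the
# inputs are constructed. Exim's quote_ldap / quote_ldap_dn also URL-encode
# their result; that step is left out here to keep the two escapings visible.

FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
DN_SPECIALS = '"+,;<>\\'


def escape_filter_value(value):
    """RFC 4515: hex-escape the characters that have meaning inside a filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """RFC 4514: escape the characters that have meaning inside an RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def search_filter(login, escape=escape_filter_value):
    """Filter for the search step: look up the entry whose uid is `login`."""
    return "(uid=" + escape(login) + ")"


def bind_dn(login, suffix="ou=people,o=mydomain.com"):
    """DN built from a template, as in the first configuration of the thread."""
    return "uid=" + escape_dn_value(login) + "," + suffix


if __name__ == "__main__":
    for login in ("jdoe", "j*", "smith (ext)", "doe, john"):
        print(repr(login))
        print("  filter, filter-escaped:", search_filter(login))
        print("  filter, DN-escaped:    ", search_filter(login, escape_dn_value))
        print("  bind DN:               ", bind_dn(login))
```

With DN escaping applied to a filter value, `*` and parentheses pass through unchanged, so the search no longer matches the literal login name.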