[exim] SMTP AUTH via LDAP

Author: Chris Bellomy
Date:  
To: exim-users
Subject: [exim] SMTP AUTH via LDAP
Hello all,

LDAP makes me feel really stupid.

With that out of the way, perhaps you can forgive what's likely
an obvious question. I hate to raise it here for that reason, but
my forehead is bleeding from the numerous collisions it has had
with the brick wall the last two days.

Here is the recipe I'm trying to get to work:

LDAPCFG = user=cn=Manager,dc=blah,dc=com pass=xxxxxxx connect=5

plain:
   driver = plaintext
   public_name = PLAIN
   server_prompts = :
   server_condition = ${if ldapauth \
     {user=${lookup ldapdn \
     {LDAPCFG ldap:///ou=Employees,dc=blah,dc=com?dn?sub?(uid=$2)}} \
     pass=$3 connect=5 ldap:///} {true} {fail}}
   server_set_id = $2


The problem here is that the DNs in this directory include
CNs, which have spaces. My DN, for instance, would be:

cn=Chris Bellomy,ou=Employees,dc=blah,dc=com

This causes exim to barf thusly:

2007-01-17 15:37:51 plain authenticator failed for
adsl-209-30-181-167.dsl.rcsntx.swbell.net ([192.168.0.7]) [209.30.181.167]:
435 Unable to authenticate at present (set_id=cbellomy): unknown parameter
"Bellomy,ou=" precedes LDAP URL

I keep thinking that quote_ldap_dn, properly placed, will solve
this, but I just can't figure out the right iteration for that
(if in fact quote_ldap_dn is the right function here).

So, problem one: submitting the DN with the space accounted for
such that the above error is eliminated.

Problem two, if it can be solved, is that I'd prefer to do the
search with an anonymous bind, and the authentication with the
authenticated bind (of course). As far as I can tell, though,
one can never do anonymous binds from exim. Am I right?

Thanks in advance for any and all pointers,

cb
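
Added example (not part of the original message, and not taken from the Exim project): one way to write the authenticator so that a DN containing spaces reaches ldapauth as a single user= value, using Exim's quote and quote_ldap expansion operators. The bind password is a placeholder, and $2/$3 are kept as in the post.

```exim
# Constructed example; the bind DN password is a placeholder.
LDAPCFG = user="cn=Manager,dc=blah,dc=com" pass=PLACEHOLDER connect=5

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # 1. ${quote_ldap:$2} escapes filter metacharacters such as * ( ) \ in the
  #    client-supplied login, so it cannot alter the search filter.
  # 2. "{$value} fail" forces failure when no entry matches, so ldapauth is
  #    never attempted with an empty DN.
  # 3. ${quote:...} wraps the returned DN and the password in double quotes
  #    (escaping embedded quotes and backslashes), so spaces no longer split
  #    the user= and pass= parameters.
  server_condition = ${if ldapauth \
    {user=${quote:${lookup ldapdn \
      {LDAPCFG ldap:///ou=Employees,dc=blah,dc=com?dn?sub?(uid=${quote_ldap:$2})} \
      {$value} fail}} \
    pass=${quote:$3} connect=5 ldap:///} \
    {yes}{no}}
  server_set_id = $2
```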