> Hello all,
>
> LDAP makes me feel really stupid.
>
> With that out of the way, perhaps you can forgive what's likely
> an obvious question. I hate to raise it here for that reason, but
> my forehead is bleeding from the numerous collisions it has had
> with the brick wall the last two days.
>
> Here is the recipe I'm trying to get to work:
>
> LDAPCFG = user=cn=Manager,dc=blah,dc=com pass=xxxxxxx connect=5
>
> plain:
>   driver = plaintext
>   public_name = PLAIN
>   server_prompts = :
>   server_condition = ${if ldapauth \
>       {user=${lookup ldapdn \
>       {LDAPCFG ldap:///ou=Employees,dc=blah,dc=com?dn?sub?(uid=$2)}} \
>       pass=$3 connect=5 ldap:///} {true} {fail}}
>   server_set_id = $2
>
> The problem here is that the DN's in this directory include
> CN's, which have spaces. My DN, for instance, would be:
>
> cn=Chris Bellomy,ou=Employees,dc=blah,dc=com
>
> This causes exim to barf thusly:
>
> 2007-01-17 15:37:51 plain authenticator failed for
> adsl-209-30-181-167.dsl.rcsntx.swbell.net ([192.168.0.7]) [209.30.181.167]:
> 435 Unable to authenticate at present (set_id=cbellomy): unknown parameter
> "Bellomy,ou=" precedes LDAP URL
>
> I keep thinking that quote_ldap_dn, properly placed, will solve
> this, but I just can't figure out the right iteration for that
> (if in fact quote_ldap_dn is the right function here).
>
> So, problem one: submitting the DN with the space accounted for
> such that the above error is eliminated.
>
> Problem two, if it can be solved, is that I'd prefer to do the
> search with an anonymous bind, and the authentication with the
> authenticated bind (of course). As far as I can tell, though,
> one can never do anonymous binds from exim. Am I right?
>
> Thanks in advance for any and all pointers,
>
> cb
>
If "uid" contains an email address or login, try this.

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if ldapauth \
      {user="uid=${quote:$2},ou=Employees,dc=blah,dc=com" \
      pass=${quote:$3} \
      ldap:///ou=Employees,dc=blah,dc=com/}{yes}{no}}
  server_set_id = $2
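
Why the looked-up DN breaks the first recipe, as an added example that is not part of either post and is not Exim's code: a simplified Python model (an assumption) of how the NAME=VALUE parameters in front of the LDAP URL are split on whitespace, and how double-quoting in the style of ${quote:...} keeps a value with a space in one piece. The names parse_params and exim_quote are hypothetical, and the password is a constructed sample.

```python
# Simplified model (an assumption, not Exim source code) of how the NAME=VALUE
# parameters in front of an LDAP URL are split on whitespace.
KNOWN = {"user", "pass", "connect"}            # only the parameters seen in this thread
URL_SCHEMES = ("ldap://", "ldaps://", "ldapi://")
DN = "cn=Chris Bellomy,ou=Employees,dc=blah,dc=com"   # DN quoted in the post
PASSWORD = 'p"w d'                             # constructed sample value

def exim_quote(value):
    """Model of ${quote:...}: double-quote the value, escaping backslash and quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def parse_params(query):
    """Return (params, url); raise ValueError for a stray token before the URL."""
    params, i, n = {}, 0, len(query)
    while True:
        while i < n and query[i].isspace():
            i += 1
        if query.startswith(URL_SCHEMES, i):   # parameters end where the URL starts
            return params, query[i:]
        eq = query.find("=", i)
        if eq == -1:
            raise ValueError("no LDAP URL found")
        name = query[i:eq]
        if name.lower() not in KNOWN:
            raise ValueError(f'unknown parameter "{name}=" precedes LDAP URL')
        i = eq + 1
        if i < n and query[i] == '"':          # quoted value may contain spaces
            i, chars = i + 1, []
            while i < n and query[i] != '"':
                if query[i] == "\\" and i + 1 < n:
                    i += 1                     # backslash protects the next character
                chars.append(query[i])
                i += 1
            i += 1                             # step over the closing quote
            value = "".join(chars)
        else:                                  # bare value stops at the first space
            start = i
            while i < n and not query[i].isspace():
                i += 1
            value = query[start:i]
        params[name.lower()] = value

if __name__ == "__main__":
    try:
        parse_params(f"user={DN} pass={PASSWORD} connect=5 ldap:///")
    except ValueError as err:
        print("unquoted:", err)
    print("quoted:", parse_params(
        f"user={exim_quote(DN)} pass={exim_quote(PASSWORD)} connect=5 ldap:///"))
```

In this model the unquoted DN ends at "cn=Chris", so the next token is read as a parameter name, which is the text the logged 435 error reports.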