[exim] point ldapauth to a table to chose ldap servers & sea…

Author: Dave Lugo
Date:  
To: exim-users
Subject: [exim] point ldapauth to a table to chose ldap servers & search base?

(apologies in advance for the obfuscated domains. I don't think
that's an issue for this posting - if it is, please let me know)

I'm working on an auth replacement for a proprietary MTA my employer
uses.

For testing purposes, I'm using this in the authenticator (just to make
sure I get the syntax correct, and that it works):

PLAIN:
  driver                     = plaintext
  server_set_id              = $auth2
  server_prompts             = :
  server_condition           = ${if ldapauth \
    {user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},ou=people,o=example.com,o=accounts" \
    pass="$auth3" \
    ldap://server1.provider.com/\
    }\
    {yes}{no}\
    }


Our users use their user@??? address as the username they auth
as, hence I use extract to pull out the local part to pass to the
ldapserver. The above works fine.

On the MTA that we're trying to replace, the ldap details (servers and
searchbase) are kept in a file like so:

example.com server1.provider.com,server2.provider.com ou=people,o=example.com,o=accounts
whatever.com server1.whatever.com,server2.provider.com ou=people,o=whatever.com,o=accounts
...etc

I suppose I can replace the second space in the line with a ':' (or
something else), and use lsearch along with $extract to populate the
ldapauth details in the authenticator. My questions are:

. is there a more elegant way to do this?

. is there any way to specify multiple ldap servers in ldapauth?

I know about ldap_default_servers - but the list of domains isn't
guaranteed to use the same servers for every domain. I suppose I
could set up RR dns records, but that's load-balancing, which isn't
what I want (I want the subsequent server(s) tried only if the
preceding one times out).

Any suggestions gratefully received...

Thanks,

Dave

-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.
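
Added example, not part of the original post and not Dave's or the Exim project's own configuration: one way to drive ldapauth from the legacy table without reformatting it. Assumptions: the table is at /etc/exim/ldap_domains (hypothetical path), fields are separated by exactly one space, no base DN contains a space, and the Exim build supports the servers= parameter in LDAP queries.

```exim
# --- main configuration section ---
# lsearch uses the first whitespace-delimited word of each line as the key
# and returns the rest of the line, so the legacy row
#   example.com server1.provider.com,server2.provider.com ou=people,o=example.com,o=accounts
# is looked up by the domain part of the login name and yields
#   "server1.provider.com,server2.provider.com ou=people,o=example.com,o=accounts"
# LDAP_ROW and the file path are names chosen for this example.
LDAP_ROW = ${lookup{${lc:${domain:$auth2}}}lsearch{/etc/exim/ldap_domains}}

# --- authenticators section ---
# Field 1 of the row is the server list, field 2 the search base.
# servers= takes a colon-separated list, so commas are rewritten with ${sg}.
# The URL has no host (ldap:///), which makes Exim walk the servers= list in
# order and move on when a server cannot be contacted; a rejected bind is a
# definite failure and is not retried on the next server.
# The two guards matter: an empty password would otherwise become an
# unauthenticated bind that many directories accept, and a domain missing
# from the table must fail instead of producing a malformed DN.
# quote_ldap_dn is the quoting operator for values placed inside a DN;
# ${quote:...} keeps spaces and quote characters in the password intact.
PLAIN:
  driver           = plaintext
  server_set_id    = $auth2
  server_prompts   = :
  server_condition = ${if and{ \
      {!eq{$auth3}{}} \
      {!eq{LDAP_ROW}{}} \
      {ldapauth{\
        user="uid=${quote_ldap_dn:${local_part:$auth2}},${extract{2}{ }{LDAP_ROW}}" \
        pass=${quote:$auth3} \
        servers=${sg{${extract{1}{ }{LDAP_ROW}}}{,}{:}} \
        ldap:///}} \
    }{yes}{no}}
```

Running exim -bV after the change checks the file for syntax errors; the expansion itself is only evaluated during a real AUTH exchange, so test with a known account from each domain in the table.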