Re: [exim] point ldapauth to a table to chose ldap servers &…

Author: Dave Lugo
Date:  
To: exim-users
New-Topics: [exim] fixed! Re: point ldapauth to a table to chose ldap servers & search base?
Subject: Re: [exim] point ldapauth to a table to chose ldap servers & search base?
On Fri, 27 Apr 2007, Dave Lugo wrote:
>
> I suppose I can replace the second space in the line with a ':' (or
> something else), and use lsearch along with $extract to populate the
> ldapauth details in the authenticator. My questions are:
>
> . is there a more elegant way to do this?
>
> . is there any way to specify multiple ldap servers in ldapauth?
>


some progress:

(I figure once I get the syntax correct for the rest of the "user=..."
stuff, I can do the same for the ldap server name.)


PLAIN:
  driver                     = plaintext
  server_set_id              = $auth2
  server_prompts             = :
  server_condition    = ${if ldapauth \
   {user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},\
   ${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}{$value}}}}"} \
   pass="$auth3" \
   ldap://server1.provider.com/\
   }\
   {yes}{no}\
   }




... but it fails with this:

11639 PLAIN authenticator:
11639   $auth1 =
11639   $auth2 = someuser@???
11639   $auth3 = pa55word
11639   $1 =
11639   $2 = someuser@???
11639   $3 = pa55word
11639 expanding: 1
11639    result: 1
11639 expanding: @
11639    result: @
11639 expanding: $auth2
11639    result: someuser@???
11639 expanding: ${extract{1}{@}{$auth2}}
11639    result: someuser
11639 expanding: 2
11639    result: 2
11639 expanding: :
11639    result: :
11639 expanding: 2
11639    result: 2
11639 expanding: @
11639    result: @
11639 expanding: $auth2
11639    result: someuser@???
11639 expanding: ${extract{2}{@}{$auth2}}
11639    result: example.com
11639 expanding: /var/exim/etc/ldap-config
11639    result: /var/exim/etc/ldap-config
11639 search_open: lsearch "/var/exim/etc/ldap-config"
11639 search_find: file="/var/exim/etc/ldap-config"
11639   key="example.com" partial=-1 affix=NULL starflags=0
11639 LRU list:
11639   :/var/exim/etc/ldap-config
11639   End
11639 internal_search_find: file="/var/exim/etc/ldap-config"
11639   type=lsearch key="example.com"
11639 file lookup required for example.com
11639   in /var/exim/etc/ldap-config
11639 lookup yielded: server1.provider.com:ou=people,o=example.com,o=accounts
11639 expanding: $value
11639    result: server1.provider.com:ou=people,o=example.com,o=accounts
11639 expanding: ${lookup{${extract{2}{@}{$auth2}}}lsearch{/var/exim/etc/ldap-config}{$value}}
11639    result: server1.provider.com:ou=people,o=example.com,o=accounts
11639 expanding: user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{/var/exim/etc/ldap-config}{$value}}}}"
11639    result: user="uid=someuser,ou=people,o=example.com,o=accounts"
11639 LDAP query error: malformed parameter setting precedes LDAP URL
11639 failed to expand: ${if ldapauth {user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{/var/exim/etc/ldap-config}{$value}}}}"} pass="$auth3" ldap://server1.provider.com/}{yes}{no}}
11639    error message: malformed parameter setting precedes LDAP URL
11639 expansion failed: malformed parameter setting precedes LDAP URL
11639 expanding: $auth2
11639    result: someuser@???
11639 SMTP>> 435 Unable to authenticate at present



My brain is a bit fried from {{}}{{}} hell.... can someone
point out where I'm being stupid?


-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.
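
An added example, not part of the original post: one way to write the authenticator so that `user=`, `pass=` and the LDAP URL all sit inside the single brace pair that `ldapauth` takes as its argument. In the configuration above, the `}` directly after the closing quote of `user=` ends that argument early, which matches the debug log expanding only `user="..."` before the "malformed parameter setting precedes LDAP URL" error. It assumes the table value has the `server:base` form shown in the "lookup yielded" debug line; the `quote_ldap_dn`, `${quote:...}` and `fail` changes are additions beyond the brace fix.

```exim
# Added example, not the poster's configuration.
# Assumption: the lsearch value for a domain is "<ldap host>:<base DN>",
# as in the debug line
#   lookup yielded: server1.provider.com:ou=people,o=example.com,o=accounts
#
# Changes relative to the authenticator in the post:
#  1. The brace opened after "ldapauth" now closes after the LDAP URL,
#     so user=, pass= and the URL form one argument.
#  2. The LDAP host is field 1 of the same table value that supplies
#     the base DN (field 2).
#  3. quote_ldap_dn is used because the local part is placed in a DN;
#     quote_ldap is meant for filter values.
#  4. pass=${quote:$auth3} keeps a password containing quotes, spaces or
#     backslashes from breaking the parameter list.
#  5. "fail" in the lookups forces an expansion failure for a domain that
#     is missing from the table, instead of an empty base DN and host.

PLAIN:
  driver           = plaintext
  server_set_id    = $auth2
  server_prompts   = :
  server_condition = ${if ldapauth \
    {user="uid=${quote_ldap_dn:${extract{1}{@}{$auth2}}},\
    ${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}{$value}fail}}}" \
    pass=${quote:$auth3} \
    ldap://${extract{1}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}{$value}fail}}}/\
    }\
    {yes}{no}\
    }
```

The debug output above prints `$auth3` in clear text, so a `-d` trace of an authentication session should be handled as a file that contains credentials.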