On Fri, 27 Apr 2007, Dave Lugo wrote:
>
> I suppose I can replace the second space in the line with a ':' (or
> something else), and use lsearch along with $extract to populate the
> ldapauth details in the authenticator. My questions are:
>
> . is there a more elegant way to do this?
>
> . is there any way to specify multiple ldap servers in ldapauth?
>
Some progress:

(I figure once I get the syntax correct for the rest of the "user=..."
stuff, I can do the same for the ldap server name.)

PLAIN:
  driver = plaintext
  server_set_id = $auth2
  server_prompts = :
  server_condition = ${if ldapauth \
    {user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},\
    ${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}{$value}}}}"} \
    pass="$auth3" \
    ldap://server1.provider.com/\
    }\
    {yes}{no}\
    }

... but it fails with this:

11639 PLAIN authenticator:
11639 $auth1 =
11639 $auth2 = someuser@???
11639 $auth3 = pa55word
11639 $1 =
11639 $2 = someuser@???
11639 $3 = pa55word
11639 expanding: 1
11639 result: 1
11639 expanding: @
11639 result: @
11639 expanding: $auth2
11639 result: someuser@???
11639 expanding: ${extract{1}{@}{$auth2}}
11639 result: someuser
11639 expanding: 2
11639 result: 2
11639 expanding: :
11639 result: :
11639 expanding: 2
11639 result: 2
11639 expanding: @
11639 result: @
11639 expanding: $auth2
11639 result: someuser@???
11639 expanding: ${extract{2}{@}{$auth2}}
11639 result: example.com
11639 expanding: /var/exim/etc/ldap-config
11639 result: /var/exim/etc/ldap-config
11639 search_open: lsearch "/var/exim/etc/ldap-config"
11639 search_find: file="/var/exim/etc/ldap-config"
11639 key="example.com" partial=-1 affix=NULL starflags=0
11639 LRU list:
11639 :/var/exim/etc/ldap-config
11639 End
11639 internal_search_find: file="/var/exim/etc/ldap-config"
11639 type=lsearch key="example.com"
11639 file lookup required for example.com
11639 in /var/exim/etc/ldap-config
11639 lookup yielded: server1.provider.com:ou=people,o=example.com,o=accounts
11639 expanding: $value
11639 result: server1.provider.com:ou=people,o=example.com,o=accounts
11639 expanding: ${lookup{${extract{2}{@}{$auth2}}}lsearch{/var/exim/etc/ldap-config}{$value}}
11639 result: server1.provider.com:ou=people,o=example.com,o=accounts
11639 expanding: user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{/var/exim/etc/ldap-config}{$value}}}}"
11639 result: user="uid=someuser,ou=people,o=example.com,o=accounts"
11639 LDAP query error: malformed parameter setting precedes LDAP URL
11639 failed to expand: ${if ldapauth {user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{/var/exim/etc/ldap-config}{$value}}}}"} pass="$auth3" ldap://server1.provider.com/}{yes}{no}}
11639 error message: malformed parameter setting precedes LDAP URL
11639 expansion failed: malformed parameter setting precedes LDAP URL
11639 expanding: $auth2
11639 result: someuser@???
11639 SMTP>> 435 Unable to authenticate at present
My brain is a bit fried from {{}}{{}} hell.... can someone
point out where I'm being stupid?
--
--------------------------------------------------------
Dave Lugo dlugo@??? LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
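
Added example, not part of the original post: a brace-counting check of which text the ldapauth condition receives, run on the expansion string from the debug output above and on a variant with the "}" after user="..." removed. The variant is an assumption drawn from that debug output, and the helper names are hypothetical; this is not an Exim parser.

```python
# Added example: which text does Exim's ldapauth condition actually receive?
# Brace counting only; this is not a full Exim expansion parser.

# The user= part as it appears in the debug output (CFG_DIR already expanded).
USER = ('user="uid=${quote_ldap:${extract{1}{@}{$auth2}}},'
        '${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}'
        'lsearch{/var/exim/etc/ldap-config}{$value}}}}"')
TAIL = ' pass="$auth3" ldap://server1.provider.com/}{yes}{no}}'

POSTED = '${if ldapauth {' + USER + '}' + TAIL  # as posted: } right after user="..."
FIXED = '${if ldapauth {' + USER + TAIL         # assumed fix: that } removed


def first_group(expr, keyword="ldapauth"):
    """Return (argument, remainder) for the first balanced {...} after keyword."""
    start = expr.index("{", expr.index(keyword) + len(keyword))
    depth, pos = 0, start
    while pos < len(expr):
        ch = expr[pos]
        if ch == "\\":          # a backslash escapes the next character
            pos += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return expr[start + 1:pos], expr[pos + 1:]
        pos += 1
    raise ValueError("unbalanced braces after " + keyword)


def check(expr):
    """Report whether pass= and the LDAP URL fall inside the ldapauth argument."""
    arg, rest = first_group(expr)
    return {"has_pass": "pass=" in arg, "has_url": "ldap://" in arg,
            "argument": arg, "remainder": rest.strip()}


if __name__ == "__main__":
    for name, expr in (("posted", POSTED), ("fixed", FIXED)):
        r = check(expr)
        print(name, "pass inside:", r["has_pass"], "url inside:", r["has_url"])
        print("  left over after the argument:", r["remainder"])
```

For the posted string the argument ends at the "} after the DN, which matches the debug line where only user="uid=someuser,..." is expanded before the "malformed parameter setting precedes LDAP URL" error. Exim also provides ${quote:...} for the pass= value and quote_ldap_dn for DN components, and the -d output above records $auth3 in clear.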