[exim] fixed! Re: point ldapauth to a table to chose ldap se…

Top Page
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: exim-users
Old-Topics: Re: [exim] point ldapauth to a table to chose ldap servers & search base?
Subject: [exim] fixed! Re: point ldapauth to a table to chose ldap servers & search base?
On Fri, 27 Apr 2007, Dave Lugo wrote:
>
> My brain is a bit fried from {{}}{{}} hell.... can someone
> point out where I'm being stupid?
>



I'm masochistic sometimes...

Tossing this into the mailing list archive for reference, might be good
for the FAQ too.

This lets you handle ldap auth for multiple domains, with the
ldap config in a file.

Here's the sample authenticator:

(CFG_DIR is a macro pointing to the config directory)

PLAIN:
  driver                     = plaintext
  server_set_id              = $auth2
  server_prompts             = :
  server_condition    = ${if ldapauth \
    {user="uid=${quote_ldap_dn:${extract{1}{@}{$auth2}}},\
    ${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}}}}" \
    pass="$auth3" \
    ldap://${extract{1}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}}}}/} \
    {yes}{no}\
    }



ldap-config is a file that looks like:

domain<tab>ldapserver:searchbase

Here's a sample line:

example.com    ldapserv.whatever.com:ou=people,o=example.com,o=accounts


(just one servername allowed[1], as I don't think multiple ones can be
spec'd here)

The resulting ldapauth looks like this, so adjust searchbase/${extract/etc
as needed for your stuff. (from an `exim -bd -d+expand`):

 15696    result:
user="uid=joeschmoe,ou=people,o=example.com,o=accounts" pass="pa55word"
ldap://ldapserv.whatever.com/



Hopefully this will be useful for other folks as well.


[1] anyone wanna get crazy with recursive/looping stuff, and
give me fallback servers? :)

-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.