On Fri, 27 Apr 2007, Dave Lugo wrote:
>
> My brain is a bit fried from {{}}{{}} hell.... can someone
> point out where I'm being stupid?
>
I'm masochistic sometimes...
Tossing this into the mailing list archive for reference, might be good
for the FAQ too.
This lets you handle ldap auth for multiple domains, with the
ldap config in a file.
Here's the sample authenticator:
(CFG_DIR is a macro pointing to the config directory)
PLAIN:
driver = plaintext
server_set_id = $auth2
server_prompts = :
server_condition = ${if ldapauth \
{user="uid=${quote_ldap_dn:${extract{1}{@}{$auth2}}},\
${extract{2}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}}}}" \
pass="$auth3" \
ldap://${extract{1}{:}{${lookup{${extract{2}{@}{$auth2}}}lsearch{CFG_DIR/ldap-config}}}}/} \
{yes}{no}\
}
ldap-config is a file that looks like:
domain<tab>ldapserver:searchbase
Here's a sample line:
example.com ldapserv.whatever.com:ou=people,o=example.com,o=accounts
(just one servername allowed[1], as I don't think multiple ones can be
spec'd here)
The resulting ldapauth looks like this, so adjust searchbase/${extract/etc
as needed for your stuff. (from an `exim -bd -d+expand`):
15696 result:
user="uid=joeschmoe,ou=people,o=example.com,o=accounts" pass="pa55word"
ldap://ldapserv.whatever.com/
Hopefully this will be useful for other folks as well.
[1] anyone wanna get crazy with recursive/looping stuff, and
give me fallback servers? :)
--
--------------------------------------------------------
Dave Lugo dlugo@??? LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
