[exim] possible bug in the Exim Manual? / Notes in passing o…

Author: Robert Bannocks
Date:  
To: exim-users
Subject: [exim] possible bug in the Exim Manual? / Notes in passing on LDAP authentication
I have been scratching my head for a number of days about entries like:

plainitext authenticator failed for somehost.lcu.ac.uk (local)
[123.45.67.89]: 435 Unable to authenticate at present: failed to bind
the LDAP connection to server ad.lcu.ac.uk:389 - LDAP error 34: Invalid
DN syntax

in my Exim logs.

I have had a plain text authenticator (slightly simplified) as follows:

plainitext:
   driver = plaintext
   public_name = PLAIN
   server_prompts = :
   server_condition = ${if ldapauth \
       {user="uid=${quote_ldap_dn:$auth2},ou=people,dc=lcu,dc=ac,dc=uk" \
       pass=${quote:$auth3} ldap://ad.lcu.ac.uk/}}
   server_set_id = $auth2

This is pretty much identical to the example in section 34 of the Exim
manual and what is on the wiki.
All of my users are happily authenticating except this one machine, and
the LDAP server has been functioning fine.
Perplexing. Carefully studying the manuals and the configuration file
led me to conclude that the authenticator and the LDAP syntax were
right. After much I resorted to running exim in debugging mode, which
revealed that the user in question was sending a blank username, leading
to the expansion of

{user="uid=${quote_ldap_dn:$auth2},ou=people,dc=lcu,dc=ac,dc=uk" \
pass=${quote:$auth3}

being:

{user="uid=,ou=people,dc=lcu,dc=ac,dc=uk" pass=${quote:$auth3}

Which is an invalid DN! However, as this was invalid, Exim was issuing a
temp error and all the user's mail was sitting in his outbox.

So perhaps the manual should be revised so that the plain text
authenticator has a server_condition like:

server_condition = ${if and {\
      { ! eq {$auth2}{}}\
      { ldapauth \
        {user="uid=${quote_ldap_dn:$auth2},ou=people,dc=lcu,dc=ac,dc=uk" \
        pass=${quote:$auth3} ldap://ad.lcu.ac.uk/} }\
      }}

Which should catch the blank username and fail it with a 535 error code?

Rob
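As an added illustration (not code from the original message, and not Exim's
own code), the following Python models the two server_condition expansions
above so the effect of an empty $auth2 can be exercised offline. The
"directory" is a constructed stand-in that returns LDAP error 34 for a DN
whose first RDN has no value, as in the quoted log lines; the test account
name and password are assumptions; and quote_ldap_dn is a simplified RFC 4514
style escaper, not Exim's implementation of that operator. The functions
return "accept", "reject" (a permanent 535) or "defer" (the temporary 435
the message describes).

```python
# Added illustration, not code from the original message or from Exim.
# It models the expansion of the server_condition discussed above so the
# effect of an empty $auth2 can be seen offline: the "LDAP server" is a
# constructed stand-in, and quote_ldap_dn is a simplified RFC 4514-style
# escaper, not Exim's own implementation of that operator.

# Constructed test account used by the stand-in directory (assumption).
TEST_USER = "rbannocks"
TEST_PASSWORD = "correct horse"

# Characters a DN attribute value must escape (RFC 4514 section 2.4).
_DN_SPECIAL = set(',+"\\<>;')


def quote_ldap_dn(value: str) -> str:
    """Backslash-escape a value so it stays inside its own RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = (ch in _DN_SPECIAL
                   or (ch == '#' and i == 0)
                   or (ch == ' ' and i in (0, last)))
        out.append('\\' + ch if special else ch)
    return ''.join(out)


def build_user_dn(auth2: str) -> str:
    """The user="..." part of the ldapauth query from the message."""
    return f"uid={quote_ldap_dn(auth2)},ou=people,dc=lcu,dc=ac,dc=uk"


class LdapError(Exception):
    """Stand-in for a protocol-level LDAP error (code, message)."""

    def __init__(self, code: int, message: str):
        super().__init__(f"LDAP error {code}: {message}")
        self.code = code


def fake_ldap_bind(dn: str, password: str) -> bool:
    """Constructed directory: a DN whose first RDN has no value is a syntax
    error (code 34, as in the log lines above); otherwise the bind succeeds
    only for the constructed test account."""
    attr, _, val = dn.split(',', 1)[0].partition('=')
    if not attr or not val:
        raise LdapError(34, "Invalid DN syntax")
    return dn == build_user_dn(TEST_USER) and password == TEST_PASSWORD


def original_condition(auth2: str, auth3: str) -> str:
    """Manual-style condition: ldapauth with no prior check on $auth2.
    Successful bind -> "accept"; refused bind -> "reject" (535); any other
    LDAP error makes the expansion fail, which Exim reports as a temporary
    435 -> "defer"."""
    try:
        ok = fake_ldap_bind(build_user_dn(auth2), auth3)
    except LdapError:
        return "defer"
    return "accept" if ok else "reject"


def revised_condition(auth2: str, auth3: str) -> str:
    """The proposed and{{!eq {$auth2}{}}{ldapauth ...}} condition: an empty
    username fails the first term, so ldapauth is never evaluated and the
    client receives a permanent 535 instead of a retryable 435."""
    if auth2 == "":
        return "reject"
    return original_condition(auth2, auth3)


if __name__ == "__main__":
    for user, pw in (("", "anything"), (TEST_USER, TEST_PASSWORD),
                     (TEST_USER, "wrong")):
        print(f"{user!r:>12}: manual={original_condition(user, pw):6} "
              f"revised={revised_condition(user, pw)}")
```

The point the model makes explicit is that a temporary failure tells the
client to keep retrying with the same blank credentials, which is why the
mail sat in the outbox; rejecting an empty $auth2 before ldapauth turns
that into a definite 535. Against a real Exim, the non-LDAP part of the
expansion can be checked with exim -be, but the ldapauth term needs a
reachable directory.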