Author: Robert Bannocks
Date:
To: Drav Sloan
CC: exim-users
Subject: Re: [exim] possible bug in the Exim Manual? / Notes in passing on LDAP authentication
Drav Sloan wrote:
> Robert Bannocks wrote:
>
>> Perplexing. Carefully studying the manuals and the configuration file
>> led me to conclude that the authenticator and the LDAP syntax were
>> right. After much I resorted to running exim in debugging mode which
>> revealed that the user in question was sending a blank username leading
>> to the expansion of
>>
>> {user="uid=${quote_ldap_dn:$auth2},ou=people,dc=lcu,dc=ac,dc=uk"
>> pass=${quote:$auth3}
>>
>> being:
>>
>> {user="uid=,ou=people,dc=lcu,dc=ac,dc=uk" pass=${quote:$auth3}
>>
>> Which is an invalid DN! However as this was invalid Exim was issuing a
>> temp error and all the user's mail was sitting
>> in his outbox.
>>
>
> I instantly thought of a missing uid when ya first started talking about
> the problem. Am I missing the point here? I don't see this is a bug.
> After all, if the user doesn't pass a username, how do you know what user to
> validate?
>
> Regards
>
> Drav.
>
The problem as I see it is if the user sends a blank username (or one
consisting of spaces) then Exim returns a 4xy series code which
is not the right response. A blank UID is not valid in LDAP and so not
valid if you are just authing against LDAP and so in such circumstances
exim should return a 5xy series error code. That way the MUA will not
hold the e-mail in the outbox and will (hopefully) inform the user.
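
The behaviour discussed above can be had in configuration by testing the username before `ldapauth` is evaluated. The following is an added example, not part of the original message or of anyone's actual configuration; the authenticator name `plain_ldap` and the server URL `ldap://ldap.example.org/` are placeholders.

```exim
# Added example for the authenticators section of the Exim configuration.
# "plain_ldap" and ldap://ldap.example.org/ are placeholders; the DN
# template is the one quoted in the thread.

plain_ldap:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # and{} evaluates its sub-conditions left to right and stops at the first
  # false one, so ldapauth is never run with an empty or all-space $auth2
  # and the invalid DN "uid=,ou=people,..." is never built.
  # A false server_condition is an authentication failure (5xx response);
  # only an expansion or lookup error produces a temporary (4xx) response.
  server_condition = ${if and{ \
      { !match{$auth2}{\N^\s*$\N} } \
      { ldapauth{\
          user="uid=${quote_ldap_dn:$auth2},ou=people,dc=lcu,dc=ac,dc=uk" \
          pass=${quote:$auth3} \
          ldap://ldap.example.org/} } \
    }{yes}{no}}
  server_set_id = $auth2
```

The expansion can be checked without a mail client by running `exim -be` and pasting the `${if ...}` string with literal values in place of `$auth2` and `$auth3`.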