fanf2 2008/02/15 13:19:30 GMT
Modified files:
exim-doc/doc-docbook spec.xfpt
Log:
Note an LDAP gotcha pointed out by Robert Bannocks.
Revision Changes Path
1.36 +12 -9 exim/exim-doc/doc-docbook/spec.xfpt
Index: spec.xfpt
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-docbook/spec.xfpt,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- spec.xfpt 15 Feb 2008 13:13:43 -0000 1.35
+++ spec.xfpt 15 Feb 2008 13:19:30 -0000 1.36
@@ -1,4 +1,4 @@
-. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.35 2008/02/15 13:13:43 fanf2 Exp $
+. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.36 2008/02/15 13:19:30 fanf2 Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -23571,17 +23571,20 @@
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
- server_condition = ${if ldapauth \
- {user="cn=${quote_ldap_dn:$auth1},ou=people,o=example.org" \
- pass=${quote:$auth2} \
- ldap://ldap.example.org/}}
+ server_condition = ${if and{{
+ !eq{}{$auth1} }{ \
+ ldapauth{user="cn=${quote_ldap_dn:$auth1},ou=people,o=example.org" \
+ pass=${quote:$auth2} \
+ ldap://ldap.example.org/} }} }
server_set_id = uid=$auth1,ou=people,o=example.org
.endd
-Note the use of the &%quote_ldap_dn%& operator to correctly quote the DN for
-authentication. However, the basic &%quote%& operator, rather than any of the
-LDAP quoting operators, is the correct one to use for the password, because
-quoting is needed only to make the password conform to the Exim syntax. At the
-LDAP level, the password is an uninterpreted string.
+We have to check that the username is not empty before using it, because LDAP
+does not permit empty DN components. We must also use the &%quote_ldap_dn%&
+operator to correctly quote the DN for authentication. However, the basic
+&%quote%& operator, rather than any of the LDAP quoting operators, is the
+correct one to use for the password, because quoting is needed only to make
+the password conform to the Exim syntax. At the LDAP level, the password is an
+uninterpreted string.
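Review bot: The first added line of the new server_condition, "${if and{{", ends without the trailing backslash that the other continued lines of the setting carry ("!eq{}{$auth1} }{ \" and the lines after it), so the example as printed breaks off after its first line; add " \" at the end of that line. The guard also tests only $auth1: the new paragraph explains why an empty username must be rejected before it is placed in the DN, but says nothing about an empty $auth2, so it would help to state in the text whether the password needs the same check or why it does not.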