[exim] Authenticators multiple conditions

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Colin Alston
Date:  
À: exim-users
Sujet: [exim] Authenticators multiple conditions
Hi

I'm trying to configure an authenticator in such a way that a certain
range is excluded. The documentation suggests using auth_advertise_hosts
to exclude ranges from authentication, but the problem is that with
Outlook it fails immediately when authentication is configured but not
advertised by the server.

Of course, trying to change the server is easier than expecting
Microsoft to fix their mail client... so I'd like to therefore use
another tactic, that is to authenticate the lan IP addresses no matter
what credentials they provide.

My problem is that I don't know how to combine a lookup with an if/or
syntax in server_condition as this appears to be poorly documented.

I'm using 'lookup ldap' because this is the only sane way to allow
multiple DN's to authenticate, but when I combine 'lookup' with an 'or'
the following results

2009-01-13 13:53:43 login authenticator failed for ([172.31.0.213])
[172.31.0.213]: 435 Unable to authenticate at present (set_id=nobody):
unknown condition "lookup" inside "or{...}" condition

The authenticator I conjured up looks as follows.

plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_advertise_condition = yes
    server_condition = ${if or {{ \
                lookup ldap{ \
                    user="${lookup ldapdn \
                        {user="cn=Manager,o=FOO" pass=mypass
ldap:///?dn?sub?(&(accountStatus=active)(mail=${quote_ldap:$1}))} \
                    }" \
                    pass="$2" \


ldap:///?mail?sub?(&(accountStatus=active)(mail=${quote_ldap:$1})) \
                }{yes}fail \
            } \
            { \
                match_ip{$sender_host_address}{172.31.0.0/24} \
            }} \
        }
    server_set_id = $2


What is not obvious are the following things
- What does "{yes}fail" do differently than "{yes}{no}"? Which should I
be using in this context?
- How can I simply combine lookups with other criteria in a server
condition as above?
- What is actually allowed in a server_condition in terms of matching
conditions?

Regards,

--
Colin Alston <colin@???>