Re: [exim] LDAP and variable expansion

Author: Stephen Gran
Date:  
To: exim-users
Subject: Re: [exim] LDAP and variable expansion
On Mon, May 11, 2009 at 01:32:48PM -0500, Gmail said:
> Is there a way to expand variables to fill out the ldapauth line?
> I have clients that send in their username and password as user@???,
> but it can also be user@???... etc... I need to pass the username
> but change the baseDN according to the domain name. Can this be done?


I use a multi-place lookup (files and ldap), but hopefully you get
the idea:

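# LOGIN authenticator: $1 is the username as sent, $2 the password.
# user= is the bind DN: uid=<local part>,ou=People,<base DN>. With no domain
# in $1 the base DN comes from /etc/exim4/user.map; otherwise the domain
# a.b becomes dc=a,dc=b.
# pass= takes ${quote:...}; quote_ldap_dn is for DN components only.
login_server:
  driver = plaintext
  public_name= LOGIN
  server_prompts = "Username:: : Password::"
  server_condition=${if ldapauth \
                      {user="uid=${quote_ldap_dn:${extract{1}{@}{$1}}},ou=People,${if eq{${extract{2}{@}{$1}}}{} {${lookup{$1}lsearch{/etc/exim4/user.map}{$value}fail}} {dc=${sg{${extract{2}{@}{$1}}}{\\.}{,dc=}}} }" \
                       pass=${quote:$2} \
                       ldap://localhost/ \
                      } \
                     }
  server_set_id=$1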


This allows logins as 'steve' to be looked up in /etc/exim4/user.map
for the dn, and logins as steve@??? to be checked against
uid=steve,ou=People,dc=lobefin,dc=net without an additional lookup.
The extra layer is basically there for hysterical raisins for those
users who seem to be unable to move to the $user@$domain style auth.

There is probably a nicer way to do this.

Cheers,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | Television is a medium because anything |
|  steve@???             | well done is rare.   -- attributed to   |
|  http://www.lobefin.net/~steve | both Fred Allen and Ernie Kovacs        |

--------------------------------------------------------------------------
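
Added example, not part of the original message: a Python model of the login-to-DN mapping that the authenticator above performs, for checking which bind DN a given login produces. It goes one step beyond the posted config by refusing domains that are not plain DNS names, because the domain half of $1 reaches the DN without quote_ldap_dn. The function names and the dict standing in for /etc/exim4/user.map are assumptions, and escape_dn_value applies RFC 4514 escaping as a stand-in for Exim's operator.

```python
import re

# Characters RFC 4514 requires to be backslash-escaped in a DN attribute value.
DN_SPECIALS = set(',+"\\<>;')
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
DNS_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def escape_dn_value(value):
    """Escape one attribute value for use in a DN (RFC 4514 rules)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, last)
        if ch in DN_SPECIALS or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(login, user_map):
    """Return the DN to bind as, or None when the login must be refused."""
    parts = login.split("@")
    if len(parts) > 2 or not parts[0]:
        return None
    local = parts[0]
    domain = parts[1] if len(parts) == 2 else ""
    if domain:
        labels = domain.split(".")
        # Refuse anything that is not a plain DNS name before it reaches the DN.
        if not all(DNS_LABEL.fullmatch(label) for label in labels):
            return None
        base = ",".join("dc=" + label for label in labels)
    else:
        # Bare login: the base DN comes from the map (user.map in the config);
        # a miss refuses the login, like the "fail" in the lsearch lookup.
        base = user_map.get(login)
        if base is None:
            return None
    return "uid=%s,ou=People,%s" % (escape_dn_value(local), base)
```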