Re: [exim] LDAP for SMTP auth not working

Author: Phil Pennock
Date:  
To: Paul Muster
CC: exim-users
Subject: Re: [exim] LDAP for SMTP auth not working
On 2013-03-06 at 19:04 +0100, Paul Muster wrote:
> --> /etc/exim4/conf.d/auth/40_LDAP-auth
> plain_server:
>   driver = plaintext
>   public_name = PLAIN
>   server_prompts = Username:: : Password::
>   server_condition = ${if and{{ \
>     !eq{}{$auth2} }{ \
>     ldapauth{\
>       user="uid=${quote_ldap_dn:$auth2},ou=Users,dc=BASE" \
>       pass=${quote:$auth3} \
>       ldap://ldap/} }} }
>
> "ldap" is my LDAP server and 'telnet ldap 389' on mailserver
> (192.168.1.4) shows that *there is no packet filter between*:
Which OS? Debian, Ubuntu?

Do you have a kernel security module, such as SELinux loaded, such that
Exim when started as a daemon is running in a context that denies
outbound connections on port 389? E.g., <http://wiki.debian.org/SELinux>.
sestatus? If so, anything in /var/log/messages about a denial?

> In the meantime I'm of the opinion that there must be something defective
> in Exim's LDAP functionality...
My understanding is that a lot of people are using it successfully.
There may be bugs (there are always bugs!), but this seems like
something that would affect lots of people if we had LDAP this broken.

You can get more debug logs relevant to LDAP by using -d+lookup instead
of just -d.

Given that error message, things did get far enough to try the
ldap_bind, so there should have been a connection. What does tcpdump
show during a test where things fail?

> # exim -d -be '${if
> ldapauth{user="uid=${quote_ldap_dn:paul},ou=Users,dc=BASIS"
> pass=${quote:geheim} ldap://ldap/}}'
Not so secret.

Kind regards,
-Phil
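The two diagnostic steps Phil suggests (look for an SELinux denial of Exim's outbound LDAP connection, then re-run the ldapauth expansion with -d+lookup) collected into a small POSIX shell helper. This is an added example written for this archive page, not code from Exim or from either poster; the function names, the default base DN and the sample audit lines are assumptions. It also avoids the slip that closed the thread: the bind password is read from a root-only file and fed to exim -be on stdin, so it never appears in shell history, ps output or a pasted transcript.

```shell
#!/bin/sh
# Hypothetical Exim LDAP-auth troubleshooting helpers (added example, not
# part of Exim or of the original thread). Assumes Linux with auditd or
# syslog capturing SELinux AVC messages, and an Exim built with LDAP support.

# 1. Is SELinux denying Exim's outbound connection to the LDAP port?
#    Scans an audit log (default /var/log/audit/audit.log; on hosts without
#    auditd the same "avc: denied" lines land in /var/log/messages) for AVC
#    denials raised by an exim/exim4 process connecting to TCP 389 (or 636
#    for LDAPS). Prints the matching lines; exit status 0 if any were found,
#    1 otherwise (grep's own semantics).
exim_ldap_avc_denials() {
    log="${1:-/var/log/audit/audit.log}"
    grep -E 'avc: +denied' "$log" \
      | grep -E 'comm="exim[^"]*"' \
      | grep -E 'dest=(389|636)( |$)'
}

# 2. Build the same ${if ldapauth{...}} expansion Paul tested, but with the
#    password taken from a file (mode 0600, owned by root) rather than typed
#    on the command line. Arguments: login name, password file, base DN
#    (assumed default dc=example,dc=org), LDAP URL (default ldap://ldap/).
#    The password is inserted literally, so this simple form assumes it
#    contains none of the Exim expansion metacharacters } $ or ".
ldapauth_test_expr() {
    user="$1"; passfile="$2"
    base="${3:-dc=example,dc=org}"; url="${4:-ldap://ldap/}"
    [ -r "$passfile" ] || { echo "cannot read password file $passfile" >&2; return 2; }
    pass="$(cat "$passfile")"   # $(...) strips the trailing newline
    printf '%s' \
      "\${if ldapauth{user=\"uid=\${quote_ldap_dn:${user}},ou=Users,${base}\" pass=\${quote:${pass}} ${url}}{yes}{no}}"
}

# 3. Run that expansion through exim -be. With no string argument, -be reads
#    the expansions from standard input, so the password never enters argv.
#    -d+lookup adds the LDAP lookup tracing on top of the default -d output
#    (both go to stderr). Set EXIM=exim4 if your binary is named that way.
run_ldapauth_test() {
    ldapauth_test_expr "$@" | "${EXIM:-exim}" -d+lookup -be
}

# 4. While a failing test runs, capture the LDAP traffic in another shell:
#      tcpdump -ni any -c 20 'tcp port 389'
#    If an AVC denial is the cause, no SYN to port 389 will show up at all;
#    if the packets flow, the -d+lookup output will show the bind result.
```

Typical use on the mail server, as root: `printf '%s' 'your-password' > /root/.ldaptest-pw && chmod 0600 /root/.ldaptest-pw`, then `exim_ldap_avc_denials` to rule SELinux in or out, then `run_ldapauth_test paul /root/.ldaptest-pw 'dc=BASIS' 'ldap://ldap/'` and read the lookup trace on stderr. Delete the password file afterwards.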