Re: [exim] LDAP queries against AD, and LDAP error 8: Stron…

Top Page
Delete this message
Reply to this message
Author: Patrick von der Hagen
Date:  
To: exim-users
Subject: Re: [exim] LDAP queries against AD, and LDAP error 8: Strong(er) authentication required
Usually, exim+ldap+ssl/tls+simplebind works out of the box, it's really
very simple.

If I were you, I would start by getting ldapsearch working from your
mailserver. Once your figured out how to use ldapsearch, it should be
easy to transfer the required options to exim, since both are likely to
use the same ldap-library.


Am 07.06.2017 um 17:40 schrieb Marco Gaiarin:
> I'm trying to do some queries from exim (4.84.2-2+deb8u3) to an AD LDAP
> server (Samba4.2, but i think make little difference).
>
> Following:
>     https://github.com/Exim/exim/wiki/MsExchangeAddressVerification

>
> i've correctly make a test query, but i was forced to disable ''stronger
> auth'', eg put in smb.conf:
>
>     ldap server require strong auth = no

>
> even the value:
>
>     ldap server require strong auth = allow_sasl_over_tls

>
> does not work.
>
> (as stated smb.conf manpage: «A value of allow_sasl_over_tls allows simple
> and sasl binds (without sign or seal) over TLS encrypted connections.
> Unencrypted connections only allow sasl binds with sign or seal.»)
>
>
> I've tried to explicitly use ldaps:///, but bind failed.
>
>
> I'm doing something wrong or really it is needed to disable stronger auth?
> When connecting exim write:
>
>     LDAP_OPT_X_TLS_TRY set due to ldap:// URI

>
> so seems that at least try to connect with tls...
>
>
> Thanks.
>


--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Patrick von der Hagen

Zirkel 2, Gebäude 20.21, Raum 004.2
76131 Karlsruhe
Telefon: +49 721 608-46433
E-Mail: hagen@???
Web: http://www.scc.kit.edu

KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft