Goal:
Allow users to authenticate with SMTP with their LDAP credentials.
Problem:
Exim spits out errors because it doesn't bind to the LDAP server.
Config:
--
begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if and{{ !eq{}{$auth2} }{ \
    ldapauth{\
      USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth2})}}}" \
      PASS=${quote:$auth3} \
      ldap://ldap.cyberfusion.cloud/} }} }
  server_set_id = $auth2
  server_prompts = :

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if and{{ !eq{}{$auth1} }{ \
    ldapauth{\
      USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" \
      PASS=${quote:$auth2} \
      ldap://ldap.cyberfusion.cloud/} }} }
  server_set_id = $auth1
--
Log:
--
14:36:39 999 /considering: ${if and{{ !eq{}{$auth1} }{ ldapauth{USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
[...]
14:36:39 999 type=ldapdn key="ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
14:36:39 999 database lookup required for ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)
14:36:39 999 LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0 dereference=0 referrals=on
14:36:39 999 perform_ldap_search: ldapdn URL = "ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
14:36:39 999 after ldap_url_parse: host=dc0.cyberfusion.cloud port=389
14:36:39 999 ldap_initialize with URL ldap://dc0.cyberfusion.cloud:389/
14:36:39 999 initialized for LDAP (v3) server dc0.cyberfusion.cloud:389
14:36:39 999 LDAP_OPT_X_TLS_TRY set due to ldap:// URI
14:36:39 999 binding with user=NULL password=NULL
14:36:39 999 Start search
14:36:39 999 search ended by ldap_result yielding 101
14:36:39 999 ldap_parse_result: 0
14:36:39 999 ldap_parse_result yielded 1: Operations error
14:36:39 999 LDAP search failed - error 1: Operations error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0
14:36:39 999 lookup deferred: LDAP search failed - error 1: Operations error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0
14:36:39 999 |failed to expand: ${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
14:36:39 999 \___error message: lookup of "ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)" gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0
14:36:39 999 |failed to expand: USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
14:36:39 999 \___error message: lookup of "ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)" gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0
14:36:39 999 |failed to expand: ${if and{{ !eq{}{$auth1} }{ ldapauth{USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
14:36:39 999 \___error message: lookup of "ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)" gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 inside "and{...}" condition
14:36:39 999 expansion failed: lookup of "ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)" gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 inside "and{...}" condition
14:36:39 999 /considering: $auth1
14:36:39 999 |__expanding: $auth1
14:36:39 999 \_____result: internal-mailinfra
14:36:39 999 SMTP>> 435 Unable to authenticate at present
--
Note this line:
14:36:39 999 binding with user=NULL password=NULL
Why does Exim not bind to the LDAP server with my credentials and how can I set it up so it does?
With kind regards,
William Edwards
Cyberfusion - Hosting for web agencies and business-critical applications
W. https://www.cyberfusion.nl/
E. wedwards@???
T. 040 - 711 44 96
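
Added example, not part of the original post and not the poster's or the Exim project's configuration: the `binding with user=NULL password=NULL` line in the log comes from the `ldapdn` search, whose query carries no bind parameters, and Exim LDAP queries accept `user=` and `pass=` settings placed before the URL. The macros `LDAP_BIND_DN` and `LDAP_BIND_PW` and the `svc-exim` service account are hypothetical placeholders; only the LOGIN authenticator is shown.

```exim
# Main section, before "begin authenticators".
# Hypothetical macros: the account name and password are placeholders,
# not values from the post. A password containing spaces needs quoting.
LDAP_BIND_DN = cn=svc-exim,cn=Users,dc=cyberfusion,dc=email
LDAP_BIND_PW = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

begin authenticators

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # Step 1: the ldapdn search binds as the service account, because
  #         user=/pass= precede the URL inside the lookup query. Without
  #         them Exim binds anonymously (user=NULL pass=NULL in the debug
  #         log) and the directory rejects the search.
  # Step 2: ldapauth binds again as the DN found in step 1, using the
  #         password the SMTP client supplied. This part is unchanged
  #         from the configuration in the post.
  server_condition = ${if and{{ !eq{}{$auth1} }{ \
    ldapauth{\
      USER="${quote_ldap:${lookup ldapdn{\
        user="LDAP_BIND_DN" pass=LDAP_BIND_PW \
        ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" \
      PASS=${quote:$auth2} \
      ldap://ldap.cyberfusion.cloud/} }} }
  server_set_id = $auth1
```

The service account only needs read access to search for user entries. Both binds are simple binds over an `ldap://` URL, so the service password and each user's password are only protected in transit if TLS is negotiated on that connection.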