Goal: Allow users to authenticate with SMTP with their LDAP credentials.
Problem:
Exim spits out errors because it doesn't bind to the LDAP server.
Config:
--
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if and{{ !eq{}{$auth2} }{ \
ldapauth{\
USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth2})}}}" \
PASS=${quote:$auth3} \
ldap://ldap.cyberfusion.cloud/} }} }
server_set_id = $auth2
server_prompts = :
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if and{{ !eq{}{$auth1} }{ \
ldapauth{\
USER="${quote_ldap:${lookup ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}" \
PASS=${quote:$auth2} \
ldap://ldap.cyberfusion.cloud/} }} }
server_set_id = $auth1
--
Log:
--
14:36:39 999 /considering: ${if and{{ !eq{}{$auth1} }{
ldapauth{USER="${quote_ldap:${lookup
ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}"
PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
[...]
14:36:39 999 type=ldapdn
key="ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
14:36:39 999 database lookup required for
ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)
14:36:39 999 LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0
dereference=0 referrals=on
14:36:39 999 perform_ldap_search: ldapdn URL =
"ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
14:36:39 999 after ldap_url_parse: host=dc0.cyberfusion.cloud port=389
14:36:39 999 ldap_initialize with URL ldap://dc0.cyberfusion.cloud:389/
14:36:39 999 initialized for LDAP (v3) server dc0.cyberfusion.cloud:389
14:36:39 999 LDAP_OPT_X_TLS_TRY set due to ldap:// URI
14:36:39 999 binding with user=NULL password=NULL
14:36:39 999 Start search
14:36:39 999 search ended by ldap_result yielding 101
14:36:39 999 ldap_parse_result: 0
14:36:39 999 ldap_parse_result yielded 1: Operations error
14:36:39 999 LDAP search failed - error 1: Operations error/000004DC:
LdapErr: DSID-0C09079A, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, v23f0
14:36:39 999 lookup deferred: LDAP search failed - error 1: Operations
error/000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this
operation a successful bind must be completed on the connection., data 0, v23f0
14:36:39 999 |failed to expand: ${lookup
ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}"
PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
14:36:39 999 \___error message: lookup of
"ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr:
DSID-0C09079A, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v23f0
14:36:39 999 |failed to expand: USER="${quote_ldap:${lookup
ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}"
PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
14:36:39 999 \___error message: lookup of
"ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr:
DSID-0C09079A, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v23f0
14:36:39 999 |failed to expand: ${if and{{ !eq{}{$auth1} }{
ldapauth{USER="${quote_ldap:${lookup
ldapdn{ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth1})}}}"
PASS=${quote:$auth2} ldap://ldap.cyberfusion.cloud/} }} }
14:36:39 999 \___error message: lookup of
"ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr:
DSID-0C09079A, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v23f0 inside "and{...}" condition
14:36:39 999 expansion failed: lookup of
"ldap://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=internal-mailinfra)"
gave DEFER: LDAP search failed - error 1: Operations error/000004DC: LdapErr:
DSID-0C09079A, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v23f0 inside "and{...}" condition
14:36:39 999 /considering: $auth1
14:36:39 999 |__expanding: $auth1
14:36:39 999 \_____result: internal-mailinfra
14:36:39 999 SMTP>> 435 Unable to authenticate at present
--
Note this line:
14:36:39 999 binding with user=NULL password=NULL
Why does Exim not bind to the LDAP server with my credentials and how can I set
it up so it does?
With kind regards,
William Edwards
Cyberfusion - Hosting for web agencies and business-critical applications
W. https://www.cyberfusion.nl/
E. [email protected]
T. 040 - 711 44 96
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
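The log line `binding with user=NULL password=NULL` comes from the inner `ldapdn` lookup: its query carries no `USER=`/`PASS=` of its own, so the search goes out on an anonymous bind, which this directory refuses. The fragment below is an added example, not part of the original post or Exim's own documentation, showing the PLAIN authenticator with the lookup binding as a search-only account. The bind DN and password are placeholders, and `ldaps://` assumes the directory servers accept LDAP over TLS.

```exim
begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # Advertise AUTH only on TLS sessions: PLAIN carries the password as base64.
  server_advertise_condition = ${if def:tls_in_cipher}
  # Step 1 (ldapdn): bind as a search-only account and resolve the login
  #   name to a DN. Without USER=/PASS= in this query Exim binds anonymously.
  # Step 2 (ldapauth): bind as that DN with the password the client sent.
  # The search account DN and password are placeholders, not from the post.
  server_condition = ${if and{{ !eq{}{$auth2} }{ \
    ldapauth{\
    USER="${quote_ldap:${lookup ldapdn{\
      USER="cn=PLACEHOLDER-search-account,cn=Users,dc=cyberfusion,dc=email" \
      PASS=PLACEHOLDER_PASSWORD \
      ldaps://dc0.cyberfusion.cloud/cn=Users,dc=cyberfusion,dc=email??sub?(sAMAccountName=${quote_ldap:$auth2})}}}" \
    PASS=${quote:$auth3} \
    ldaps://ldap.cyberfusion.cloud/} }} }
  server_set_id = $auth2
```

The LOGIN authenticator takes the same change with `$auth1` and `$auth2`. Because the search account's password sits in the configuration file, keep that account limited to read access on the user container.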
