Author: vetinari
Date: Tue Dec  9 11:48:07 2008
New Revision: 958

Modified:
   contrib/vetinari/rcpt_ldap

Log:
rcpt_ldap: add "ldap_domains" config - only the domains in this file will be 
checked against the LDAP directory

Modified: contrib/vetinari/rcpt_ldap
==============================================================================
--- contrib/vetinari/rcpt_ldap  (original)
+++ contrib/vetinari/rcpt_ldap  Tue Dec  9 11:48:07 2008
@@ -33,8 +33,6 @@
     # set any values that are not already
     $self->{"ldconf"}->{"ldap_host"} ||= "127.0.0.1";
     $self->{"ldconf"}->{"ldap_port"} ||= 389;
-    $self->{"ldconf"}->{"ldap_user"} ||= "";
-    $self->{"ldconf"}->{"ldap_password"} ||= "";
     $self->{"ldconf"}->{"ldap_timeout"} ||= 5;
     $self->{"ldconf"}->{"ldap_rcpt_filter_attr"} ||= "dn";
     $self->{"ldconf"}->{"ldap_rcpt_filter"} ||= 
@@ -50,19 +48,26 @@
 
     my ($self, $transaction, $recipient) = @_;
     my ($ldhost, $ldport, $ldwait, $ldbase, $ldfattr, $ldfilter, $lduserdn, 
-        $ldh, $mesg, $rcpt, $user, $host, $ldbinddn, $ldbindpw);
+        $ldh, $mesg, $rcpt, $user, $host);
 
-    unless (&is_rcpthost($self,$recipient->user,$recipient->host)) {
-        return (OK) if $self->qp->connection->relay_client;
-        return (DECLINED);
+    my @ldap_domains = $self->qp->config("ldap_domains");
+    if (@ldap_domains) {
+        my $rcpt_host    = lc $recipient->host;
+        my $rcpt_is_ldap = 0;
+        foreach my $dom (@ldap_domains) {
+            if (lc $dom eq $rcpt_host) {
+                ++$rcpt_is_ldap;
+                last;
+            }
+        }
+        return (DECLINED)
+          unless $rcpt_is_ldap;
     }
 
     # pull values in from config
     $ldhost = $self->{"ldconf"}->{"ldap_host"};
     $ldport = $self->{"ldconf"}->{"ldap_port"};
     $ldbase = $self->{"ldconf"}->{"ldap_base"};
-    $ldbinddn = $self->{"ldconf"}->{"ldap_user"};
-    $ldbindpw = $self->{"ldconf"}->{"ldap_password"};
 
     # log error here and DECLINE if no baseDN, because a custom 
     # baseDN is required:
@@ -77,11 +82,6 @@
     $ldh = Net::LDAP->new($ldhost, port=>$ldport, timeout=>$ldwait) or
       $self->log(LOGALERT, "ldap_rcpt - error in initial conn") &&
       return (DENYSOFT, "temporary user lookup error");
-    if (($ldbinddn ne "") && ($ldbindpw ne "")) {
-      $ldh->bind($ldbinddn, password => $ldbindpw)  or
-        $self->log(LOGALERT, "ldap_rcpt - error trying to bind with user and 
password") &&
-        return (DENYSOFT, "temporary user lookup error");
-    }
 
     ($rcpt = $recipient->address) =~ s/[()]/\\$1/g;
     ($user = $recipient->user) =~ s/[()]/\\$1/g;     
@@ -169,6 +169,10 @@
 
 =head1 CONFIGURATION
 
+If you have a mix of ldap / non-ldap domains, add all ldap domains to the
+C<ldap_domains> config file, one per line, all lower cased. Only these will
+be checked against the ldap directory. 
+
 Configuration items can be held in either the 'ldap' configuration file, or as
 arguments to the plugin.
 
@@ -211,8 +215,6 @@
 
 - added $user+$mbox support
 
-- ldap authentication (by Guilherme Buonfiglio)
-
 =head1 AUTHOR
 
 Hanno Hecker <[EMAIL PROTECTED]>
