I'm almost there now. I'd like to allow users to use plain SMTP
authentication with TLS to allow them to use the server as a relay, yet
deny relay access to everyone else.
What form of server_condition line do I need for my authenticator? I've
looked through the archives and read the section in the book but nothing
quite fits my setup. Users can be found anywhere under
dc=jolt,dc=co,dc=uk and have their password stored using 'crypt'. I'd
like them to be able to use their uid as their password.
Any help would be greatly appreciated!
Regards,
James

Tue Nov 22 2005 at 14:25:26 CET, James Davis wrote:

What form of server_condition line do I need for my authenticator? I've
looked through the archives and read the section in the book but nothing
quite fits my setup. Users can be found anywhere under
dc=jolt,dc=co,dc=uk and have their password stored using 'crypt'. I'd
like them to be able to use their uid as their password.
^^^^^^

I do hope that is a typo ;-)

Perhaps this will help:

ldap_plain:
driver = plaintext
public_name = PLAIN
server_prompts = "LDAP Username:: : LDAP Password::"
server_condition = \
${\
lookup ldap { \
user="${lookup ldapdn {user=BINDDN pass=BINDPW ldaps:///BASEDN?dn?sub?(&(uid=${quote_ldap:$2})(mail=*))}}" \
pass="$3" \
ldaps:///BASEDN?uid?sub?(&(uid=${quote_ldap:$2})(mail=*)) \
}{yes}fail \
}
# value for $authenticated_id
server_set_id = $2

Regards,
-JP

Tue, 22 Nov 2005, Jan-Piet Mens wrote:
ldap_plain:
driver = plaintext
public_name = PLAIN
server_prompts = "LDAP Username:: : LDAP Password::"
Does that work? It presents as PLAIN but the prompts look like LGIN

Jan-Piet Mens wrote:

I do hope that is a typo ;-)

Yes it was :-) I meant username. Here's my customised version of your code.

ldap_plain:
driver = plaintext
public_name = PLAIN
server_prompts = "LDAP Username:: : LDAP Password::"
server_condition = \
${\
lookup ldap { \
user="${lookup ldapdn {
ldap:///dc=jolt,dc=co,dc=uk?dn?sub?(uid=${quote_ldap:$2})} }" \
pass="$3" \

ldap://localhost/dc=jolt,dc=co,dc=uk?uid?sub?(uid=${quote_ldap:$2}) \
}{yes}fail \
}
# value for $authenticated_id
server_set_id = $2

What do I need for the server_prompts line though? I'm confused now
after reading the other message in the thread.

James

James Davis wrote:
Yes it was :-) I meant username. Here's my customised version of your code.
Just a message to say that your/my recipe worked fine, I changed the
prompt to ":".
James

Tue Nov 22 2005 at 17:21:21 CET, James Davis wrote:
What do I need for the server_prompts line though? I'm confused now
after reading the other message in the thread.
AFAIK it doesn't really matter.
-JP