22. Jan 2005

exim4 and SMTP auth against ldap

Posted in Elektronengehirne at 1:18 pm by alios

Introduction

In this small HOWTO I want to give you some ideas on how to set up SMTP AUTH against an LDAP directory server with exim4. We will use LDAP authentication (an LDAP bind with the client's credentials) to check the user/password. This is not an in-depth tutorial, but a small guide with examples that you can use for your own setup. (For me the most difficult part of every exim-related setup is the translation from the basic idea into the strange exim prefix-operator syntax.)
I assume you have set up your LDAP server and everything works fine. In the examples I will use dc=example,dc=com as base DN and look for user entries under ou=People,dc=example,dc=com.

The config snippet

First of all, here is the part of the config which enables the authentication:

# Main section: default LDAP server as host::port, used by the bare ldaps:/// URL below
ldap_default_servers = ldap.example.com::636

begin authenticators

plain_server:
driver = plaintext
# Do not advertise AUTH to hosts in the local net 10.0.0.*
server_advertise_condition = ${if match{$sender_host_address}\
{\N^10\.0\.0\.\d{1,3}\N}{0}{1}}
public_name = PLAIN
# PLAIN: $1 = authorization id, $2 = authentication id, $3 = password
server_condition = ${if ldapauth \
{user="uid=${quote_ldap_dn:$2},ou=People,dc=example,dc=com" \
pass=${quote:$3} \
ldaps:///}{yes}{no}}
server_set_id = $2
server_prompts = :


login_server:
driver = plaintext
server_advertise_condition = ${if match{$sender_host_address}\
{\N^10\.0\.1\.\d{1,3}\N}{0}{1}}
public_name = LOGIN
# Two prompts; doubled colons are literal colons, single colon separates the prompts
server_prompts = "Username:: : Password::"
# LOGIN: $1 = username (first prompt), $2 = password (second prompt)
server_condition = ${if ldapauth \
{user="uid=${quote_ldap_dn:$1},ou=People,dc=example,dc=com" \
pass=${quote:$2} \
ldaps:///}{yes}{no}}
server_set_id = $1

The explanation

Now some explanations about the stuff up there.

  • I have configured two "auth servers", for PLAIN and LOGIN authentication.
  • ldap_default_servers sets the default LDAP server, so you have only one place to set it.
  • server_advertise_condition sets to whom I advertise the authentication. In the example above, only those clients which connect from outside my local net (10.0.0.*) are offered authentication and have to authenticate.
  • server_condition is the check. It tries to authenticate against the LDAP server with the user $2 (PLAIN) respectively $1 (LOGIN) and the password $3 respectively $2.
  • server_set_id: if the authentication works, it sets the "exim user" (the authenticated id) to that user.
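To make the $1/$2/$3 numbering and the DN quoting above concrete, here is a small added example (not part of the original post or of exim) that models what the two authenticators see. It decodes a SASL PLAIN blob and a LOGIN exchange into the variables exim numbers, builds the bind DN with RFC 4514 escaping (the job ${quote_ldap_dn:...} does in the config, so that a username like alice,ou=admins cannot rewrite the DN), and mirrors the server_advertise_condition for the 10.0.0.* net. The base DN and all sample credentials are constructed for the example.

```python
import base64
import re

# Base DN from the post; sample users and passwords below are constructed.
BASE_DN = "ou=People,dc=example,dc=com"
# Same pattern as the PLAIN server_advertise_condition (no end anchor, as in the config).
LOCAL_NET = re.compile(r"^10\.0\.0\.\d{1,3}")


def decode_plain(blob_b64: str) -> dict:
    """Split a SASL PLAIN blob into exim's $1 (authz id), $2 (authn id), $3 (password).

    With server_prompts = : the client sends one base64 string
    authzid NUL authcid NUL password; exim numbers the NUL-separated parts.
    """
    parts = base64.b64decode(blob_b64).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN blob must contain exactly two NUL separators")
    authz, authn, password = (p.decode("utf-8") for p in parts)
    return {"$1": authz, "$2": authn, "$3": password}


def decode_login(user_b64: str, pass_b64: str) -> dict:
    """LOGIN answers two prompts; exim numbers the replies $1 and $2."""
    return {
        "$1": base64.b64decode(user_b64).decode("utf-8"),
        "$2": base64.b64decode(pass_b64).decode("utf-8"),
    }


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 rules).

    Models what ${quote_ldap_dn:...} protects against: special characters are
    backslash-escaped so the client-supplied name stays inside the uid= value.
    """
    out = []
    for ch in value:
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    escaped = "".join(out)
    if escaped.startswith(("#", " ")):          # leading '#' or space must be escaped
        escaped = "\\" + escaped
    if escaped.endswith(" ") and not escaped.endswith("\\ "):  # trailing space too
        escaped = escaped[:-1] + "\\ "
    return escaped


def bind_dn(uid: str) -> str:
    """DN exim would bind as for a given (untrusted) username."""
    return f"uid={escape_dn_value(uid)},{BASE_DN}"


def advertise_auth(sender_host_address: str) -> bool:
    """Mirror server_advertise_condition: hosts on 10.0.0.* are not offered AUTH."""
    return LOCAL_NET.match(sender_host_address) is None


if __name__ == "__main__":
    # Constructed PLAIN blob for "" NUL "alice" NUL "s3cret"
    print(decode_plain("AGFsaWNlAHMzY3JldA=="))
    print(decode_login("YWxpY2U=", "czNjcmV0"))
    print(bind_dn("alice"))
    print(bind_dn("alice,ou=admins"))   # comma stays inside the uid value
    print(advertise_auth("10.0.0.17"), advertise_auth("203.0.113.5"))
```

Run it with no arguments; it prints the decoded variables for both mechanisms, the escaped bind DN for a hostile-looking username, and the advertise decision for an internal and an external address.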

I hope this helped you a little bit. The most important source of information is: The Exim Documentation.