Bug#702116: exim4-daemon-heavy: LDAP for SMTP auth not working

Paul Muster paul at muster.dyndns.info
Sat Mar 2 20:45:11 UTC 2013


Package: exim4-daemon-heavy
Version: 4.80-7
Severity: normal

Dear Maintainers,

I want to use LDAP for SMTP authentication.

The second box on
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_plaintext_authenticator.html#SECID173
shows an example which I customized for my environment:

--> /etc/exim4/conf.d/auth/40_LDAP-auth
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = Username:: : Password::
  server_condition = ${if and{{ \
    !eq{}{$auth2} }{ \
    ldapauth{\
      user="uid=${quote_ldap_dn:$auth2},ou=Users,dc=BASE" \
      pass=${quote:$auth3} \
      ldap://ldap/} }} }

"ldap" is my LDAP server and 'telnet ldap 389' on the mailserver (192.168.1.4)
shows that *there is no packet filter in between*:
Mar  2 21:20:03 ldap slapd[9942]: conn=1113 fd=43 ACCEPT from IP=192.168.1.4:60401 (IP=0.0.0.0:389)
Mar  2 21:21:25 ldap slapd[9942]: conn=1113 fd=43 closed (connection lost)

*When delivering to Exim with SMTP auth* I get this in Exim's logs:

2013-03-02 20:52:49 plain_server authenticator failed for <client>: 435 Unable to authenticate at present (set_id=paul): failed to bind the LDAP connection to server ldap:389 - ldap_bind() returned -1 inside "and{...}" condition

*LDAP server does not see any incoming connection from mailserver.*

I tried removing the "and{{" clause, which changed Exim's log entry:

2013-02-20 23:10:00 plain_server authenticator failed for <client>: 435 Unable to authenticate at present (set_id=paul): failed to bind the LDAP connection to server ldap:389 - ldap_bind() returned -1

Also adding a return code in server_condition...
               ldap://ldap/} }} {yes} {no} } 
... did not help.


In the meantime I'm of the opinion that there must be something defective in
Exim's LDAP functionality...


Thanks & kind regards,

Paul


-- Package-specific info:
Exim version 4.80 #2 built 02-Jan-2013 19:40:19
Copyright (c) University of Cambridge, 1995 - 2012
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/3 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  exim4-base             4.80-7
ii  libc6                  2.13-38
ii  libdb5.1               5.1.29-5
ii  libgnutls26            2.12.20-4
ii  libldap-2.4-2          2.4.31-1
ii  libmysqlclient18       5.5.28+dfsg-1
ii  libpam0g               1.1.3-7.1
ii  libpcre3               1:8.30-5
ii  libperl5.14            5.14.2-18
ii  libpq5                 9.1.8-1
ii  libsasl2-2             2.1.25.dfsg1-6
ii  libsqlite3-0           3.7.13-1

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

-- debconf information excluded
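
Added example, not part of the original report and not Exim's own code: the Python below shows how a SASL PLAIN response splits into the three fields that the configuration above reads as $auth1, $auth2 and $auth3, and how a bind DN can be built from the username with RFC 4514 escaping, the job quote_ldap_dn has in that configuration. All function names are hypothetical, the sample inputs are constructed, and refusing an empty password is an extra check added here.

```python
import base64

# Characters RFC 4514 requires to be backslash-escaped inside a DN value.
_DN_SPECIALS = set('"+,;<>\\')

def encode_plain(authzid, authcid, password):
    """Client side: build the base64 PLAIN response (constructed samples)."""
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_sasl_plain(b64_response):
    """Server side: return (authzid, authcid, password) = $auth1..$auth3."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN response must contain exactly three fields")
    return tuple(p.decode("utf-8") for p in parts)

def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in " #"
        trailing = i == last and ch == " "
        if ch in _DN_SPECIALS or leading or trailing:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def bind_dn_for(b64_response, base="ou=Users,dc=BASE"):
    """Return (bind_dn, password), or None when no bind should be tried."""
    _authzid, authcid, password = parse_sasl_plain(b64_response)
    # Same purpose as the !eq{}{$auth2} guard: never bind with an empty uid.
    # Extra check (assumption of this example): also refuse an empty
    # password, which RFC 4513 defines as an unauthenticated bind.
    if not authcid or not password:
        return None
    return "uid=" + escape_dn_value(authcid) + "," + base, password

if __name__ == "__main__":
    print(bind_dn_for(encode_plain("", "paul", "secret")))
    print(bind_dn_for(encode_plain("", "paul,ou=Admins", "secret")))
```

A username containing DN metacharacters stays inside the uid value instead of adding components to the bind DN.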


