Henning Brauer has been kind enough to post a patch for qmail-ldap
(version 0802-i). It's at
http://www.lifewithqmail.org/ldap/patches/foreign/winebarger/qmail-ldap-various.patch.gz
It includes the smtp_auth patch, as well as some extra features I added.
There's a pretty comprehensive README, but here's the basics of what I
added:
1) domain specific base dn's - you have to set up the object class to use
for domains.
2) aliased domains - you have to set up the object class for domain
references - probably you could also do this with real alias entries in
the ldap database, but the openldap docs weren't too clear on this.
3) addresses can be local part only inside the domain, but search filter
looks for full address as well (so with aliased domains you can catch
foo@bar.(com|net|org) with a single mail attribute of foo, or you could
have a separate entry for [EMAIL PROTECTED] and the other 2 get caught by just
plain foo).
4) ldap uri instead of just a hostname - allows ldaps:// for an SSL
connection to your ldap server.
5) ripped out the special treatment of mailmessagestore and reverted it to
using homeDirectory and mailmessagestore as a subdirectory of that
(possibly ./), added ldapmailroot control file for an absolute mail root
directory (even if homeDirectory has a leading /). This is basically just
reversion back to how qmail does things, as far as I can tell.
6) added an ifdef to force qmail-smtpd to reject auths without prior
STARTTLS.
7) added an ifdef to only allow relaying if the envelope sender is one of
the addresses in the ldap entry of the auth'ed user. Currently, once you
do an auth, [EMAIL PROTECTED] can send mail as [EMAIL PROTECTED] or anything else
and it will get relayed. This fixes that. However aliased domains have
some special requirements for the user (have to auth as the user @ the
domain alias they want to send as - e.g. authorize as [EMAIL PROTECTED], must
send as [EMAIL PROTECTED], unless [EMAIL PROTECTED] is one of the alternate addresses -
likewise, authorize as [EMAIL PROTECTED], can't send as [EMAIL PROTECTED]). My guess
is most people will want to send from a particular one of the domain's
aliases almost always, so it shouldn't be a major issue. Note that if
they have [EMAIL PROTECTED] as one of their alternateaddresses, they'll be
able to send mail with that envelope sender, even if it's not one of their
domains.
I've tested this patch with Courier IMAP and Outlook Express.
Lynn
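
The envelope-sender rule from item 7, combined with the local-part-only addresses of item 3, sketched as an added example. This is not code from the patch: the function name, the sample entry values, and the case-insensitive comparison are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: address values from one user's LDAP entry.
   "foo" is a local-part-only address (item 3); the other is a full one. */
static const char *const sample_addrs[] = { "foo", "sales@other.example" };

/* Hypothetical helper (not from the patch): 1 if `sender` may be used as the
   envelope sender by a user who authenticated as `auth_login`. */
int sender_allowed(const char *auth_login, const char *sender,
                   const char *const *addrs, size_t naddrs)
{
    const char *auth_dom = strrchr(auth_login, '@');
    const char *send_dom = strrchr(sender, '@');
    size_t i, llen;

    if (!send_dom || send_dom == sender)
        return 0;                      /* empty or malformed sender: no relay */
    llen = (size_t)(send_dom - sender);
    for (i = 0; i < naddrs; i++) {
        if (strchr(addrs[i], '@')) {
            /* Full address in the entry: the whole sender must match. */
            if (strcasecmp(addrs[i], sender) == 0)
                return 1;
        } else if (auth_dom && strlen(addrs[i]) == llen &&
                   strncasecmp(addrs[i], sender, llen) == 0 &&
                   strcasecmp(auth_dom, send_dom) == 0) {
            /* Local part only: valid solely in the domain used for AUTH. */
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    const char *tries[] = { "foo@bar.net", "foo@bar.com",
                            "sales@other.example", "root@bar.net" };
    size_t i;

    for (i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("auth foo@bar.net, MAIL FROM:<%s> -> %s\n", tries[i],
               sender_allowed("foo@bar.net", tries[i], sample_addrs, 2)
                   ? "relay" : "reject");
    return 0;
}
```

The third case shows the caveat at the end of item 7: a full alternate address in the entry is accepted as envelope sender even when its domain is not one of the user's own.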