smtp-auth-20011001 works fine with qmail-ldap-20020501a, but there are 
some ideas I'd like to share.

I'm in charge of a medium-sized (100K users) multidomain free-email service.
My LDAP (iPlanet 5.1) tree looks like this (these are a few DNs to 
describe it):

o=ukrpost
   o=ukrpost.net, o=ukrpost
     uid=user1, o=ukrpost.net, o=ukrpost
     uid=user2, o=ukrpost.net, o=ukrpost

   o=epost.com.ua, o=ukrpost
     uid=user1, o=epost.com.ua, o=ukrpost
     uid=user2, o=ukrpost.net, o=ukrpost

now consider an example:
[EMAIL PROTECTED] wants to use smtp auth
/var/qmail/bin/auth_smtp knows _only_ his uid and password so it 
constructs ldap filter like the one below:
(&(objectclass=qmailUser)(uid=user1))

basedn is "o=ukrpost" because I also have to search users in other domains

it queries the ldap and has _two_ DNs in the answer (which is correct):
dn1: uid=user1, o=ukrpost.net, o=ukrpost
dn2: uid=user1, o=epost.com.ua, o=ukrpost

but still it can't authenticate user1.

A question: is there a way to solve my problem? running two qmail-smtpds 
with different basedns?


The solution that comes to my mind first is:
qmail-ldap should
1. query by "mail" not by "uid" (mail is more unique than uid :) )
2. have a notion of "default domain": if the user says that he/she is just 
"user1" then he/she is "[EMAIL PROTECTED]", otherwise
he/she is "[EMAIL PROTECTED]"

ultimately auth_smtp should construct filter like this:
(&(objectclass=qmailuser)([EMAIL PROTECTED]))

btw: this is how this problem is solved in courier-imap


thanks in advance

alex zhukov

Henning Brauer wrote:
> On Fri, May 03, 2002 at 09:03:36PM -0300, Jorge Rocha Gualtieri wrote:
> 
>>      I've tried to apply smtp-auth-20011001.patch against qmail-1.03 patched 
>>with qmail-ldap-1.03-20020501.patch, but I got some rejections on Makefile. 
>>If I solve those rejections will it work as expected?
> 
> 
> if you do it right, it should, yes ;-)
> 
> 
>>      I'm asking this because I can't understand why the smtp auth patch changes some 
>>things in qmail-smtpd.c related to TLS.
> 
> 
> it doesn't.
> 
> 
>>      And I would like to know if somebody was using this patch with 
>>qmail-ldap-1.03-20011001a.patch? it was working as expected?
> 
> 
> yup.
> 
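
A sketch of the "query by mail, with a default domain" idea from the message above. This is an added example, not code from qmail-ldap, auth_smtp or the smtp-auth patch. The function name `build_mail_filter`, the `default_domain` parameter and the value `example.net` are assumptions, and the RFC 4515 escaping of the client-supplied login goes beyond what the post describes; it is included because the login is copied straight into the filter.

```c
#include <stdio.h>
#include <string.h>

/* Append src to the string in dst, writing RFC 4515 escapes (\XX) for
 * filter metacharacters. Returns 0, or -1 if dst would overflow. */
static int append_escaped(char *dst, size_t dstlen, const char *src)
{
    size_t used = strlen(dst);
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int special = (c == '*' || c == '(' || c == ')' || c == '\\');
        if (used + (special ? 3 : 1) + 1 > dstlen) return -1;
        if (special)
            used += (size_t)snprintf(dst + used, 4, "\\%02x", c);
        else
            dst[used++] = (char)c;
        dst[used] = '\0';
    }
    return 0;
}

/* Build (&(objectclass=qmailUser)(mail=LOGIN)), appending "@default_domain"
 * (a hypothetical config value) when LOGIN has no domain part.
 * Returns 0 on success, -1 on a malformed login or a short buffer. */
int build_mail_filter(const char *login, const char *default_domain,
                      char *out, size_t outlen)
{
    static const char head[] = "(&(objectclass=qmailUser)(mail=";
    const char *at = strchr(login, '@');

    if (!*login || at == login) return -1;            /* empty local part */
    if (at && (!at[1] || strchr(at + 1, '@'))) return -1; /* bad domain */
    if (outlen < sizeof head) return -1;
    memcpy(out, head, sizeof head);                   /* copies the NUL too */
    if (append_escaped(out, outlen, login) < 0) return -1;
    if (!at && (append_escaped(out, outlen, "@") < 0 ||
                append_escaped(out, outlen, default_domain) < 0)) return -1;
    if (strlen(out) + 3 > outlen) return -1;
    strcat(out, "))");
    return 0;
}

int main(void)
{
    char f[128];
    /* Constructed sample: bare login plus placeholder default domain. */
    if (build_mail_filter("user1", "example.net", f, sizeof f) == 0)
        puts(f);
    return 0;
}
```

With the filter keyed on the full address, a search under the shared basedn should match at most one entry, so the caller can treat any result count other than one as an authentication failure.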