On Fri, Apr 11, 2025 at 03:19:27PM -0500, Johnnie W Adams wrote:
> I'm still puzzled as to why the user is blank. I certainly entered it in
> the SMTP session.

For ldapauth "user" must be the so-called "Bind DN", a special entry in the LDAP object tree, not a user name that was entered in the SMTP session.

LDAP authorization requires two steps: a lookup for the user's DN and binding with the user's password. The first lookup is a search for an object which has some attribute matching the user's name. This lookup requires *binddn* and its LDAP password; both are different (!) from the SMTP credentials. If this lookup is successful, it returns the DN of the user's object. Then LDAP binding with this DN and the user's password (from the SMTP session) is performed.

There is no way to do native LDAP auth in one step, because it requires the object DN and password. Names of users (accounts) in LDAP are not DNs; they are stored as object attributes. On the other hand, several different attributes of string type may be used as "name" (or "login") for SMTP. For example, e-mail address and/or phone number may be used as "name", and the first lookup may iterate through a list of attributes.

--
Eugene Berdnikov
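
The two-step flow described in the reply above, as an added example (not part of the original message and not Exim or LDAP library code): a Python model that uses an in-memory dictionary in place of a directory server. All DNs, attribute values and passwords are constructed, and the function names are hypothetical.

```python
import hmac

# Constructed sample directory: DN -> attributes. Not real data.
SVC_DN = "cn=exim-lookup,ou=services,dc=example,dc=org"   # the "bind DN"
SVC_PW = "svc-secret-sample"
DIRECTORY = {
    SVC_DN: {"userPassword": SVC_PW},
    "uid=jadams,ou=people,dc=example,dc=org": {
        "uid": "jadams", "mail": "jadams@example.org",
        "userPassword": "hunter2-sample"},
    "uid=mlee,ou=people,dc=example,dc=org": {
        "uid": "mlee", "mail": "mlee@example.org",
        "telephoneNumber": "5550100", "userPassword": "mlee-sample"},
}
# Attributes that may serve as the SMTP login name, tried in order.
LOGIN_ATTRS = ("uid", "mail", "telephoneNumber")


def bind(dn, password):
    """Model of an LDAP simple bind: needs a full DN plus its password.

    An empty password is refused outright, because a real server may
    treat it as an unauthenticated bind that reports success.
    """
    entry = DIRECTORY.get(dn)
    return (bool(password) and entry is not None
            and hmac.compare_digest(entry["userPassword"], password))


def find_user_dn(bind_dn, bind_pw, login):
    """Step 1: bind with the lookup credentials, then search for the one
    object that has a login attribute equal to the SMTP user name."""
    if not bind(bind_dn, bind_pw):
        raise PermissionError("lookup bind failed")
    for attr in LOGIN_ATTRS:
        hits = [dn for dn, e in DIRECTORY.items() if e.get(attr) == login]
        if len(hits) == 1:
            return hits[0]
        if len(hits) > 1:
            return None          # ambiguous name: refuse rather than guess
    return None


def authenticate(login, password, bind_dn=SVC_DN, bind_pw=SVC_PW):
    """Step 2: bind as the DN found in step 1 with the SMTP password."""
    dn = find_user_dn(bind_dn, bind_pw, login)
    return dn is not None and bind(dn, password)
```

Calling bind("jadams", ...) directly fails in this model because a login name is not a DN, which is the one-step case the reply rules out.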