On 29 Nov 2007 at 21:46, Bob Goldberg wrote:

> OK;
>
> I agree - problem is DEFINITELY ldap authentication; forget about
> exim....
>
> my exchange server is setup to accept clear text, and anonymous OK (even
> though I'm not trying to be anon).
>
> here's the thing - I have no idea what is going on between ldapsearch,
> and my exchange server.
>
> I've tried netcat'g the host:389 to see if I could eavesdrop, but to no
> avail.
> I've tried telnet'g to the host:389, and DO connect, but have no idea
> what the communication should look like, and I get no responses at all
> regardless of what I try.
>
> ldap is definitely running - I can run custom queries, and
> ldap://queries thru my windows browser with success.
>
> the problem IS debian authenticating w/ the exchange server.
>
> Can someone tell me some way to diagnose just what is happening in this
> communication between ldapsearch & ldap server ???
> Or can someone point me / show me how a structured communication to
> the ldap server would look like, so I can try sending it thru telnet -
> just to see if I can get it to work that way.... Then I can try & figure
> out what ldapsearch is sending...
>
> ????
>
> TIA - Bob

Bob,
I have not done this with AD; however, I have done it with Novell's eDir on a Netware box. After confirming what attributes were visible with an LDAP browser on my Windows workstation (http://www-unix.mcs.anl.gov/~gawor/ldap/), I wrote a perl script to verify/test e-mail address verification on the eDir.

****** Perl Snippet **************
use strict;
use warnings;
use Net::LDAP;

# Placeholder settings (not part of the original snippet): fill in for your directory
my $ldhost  = 'ldap.example.com';          # LDAP server host
my $ogunit  = 'o=ui';                       # search base
my @attribs = ('mail', 'SpamControl');      # attributes to return
my @eaddrs  = ('someone@example.com');      # addresses to verify

# Open Connection to the LDAP server
print "Opening a connection to $ldhost ... ";
my $ldap = Net::LDAP->new($ldhost) || die "Could not connect -- $@";
print "OK\n";
#
print "Binding ... ";
# Do an anonymous bind
my $mesg   = $ldap->bind;
my $status = $mesg->code;
my $errmsg = $mesg->error;
print "Status: ($status) $errmsg\n";
#
# Do a search for each e-mail address
foreach my $addr (@eaddrs) {
    print "Looking for $addr ... ";
    my $filter = "(&(objectclass=inetOrgPerson)(mail=" . $addr . "))";
    # attrs takes an array reference
    $mesg = $ldap->search(base => $ogunit, filter => $filter, attrs => \@attribs);
    $status = $mesg->code;
    $errmsg = $mesg->error;
    print "Status: ($status) $errmsg ";
    my $ecnt = $mesg->count;
    print "found $ecnt entries\n";
    if ($ecnt > 0) {
        # Found email address in directory
        foreach my $entry ($mesg->entries) {
            my $dn   = $entry->dn;
            my $spam = $entry->get_value('SpamControl') || '';
            print "\t$dn \tSpamControl: $spam ";
            # get_value in list context returns every value of the attribute
            my @email = $entry->get_value('mail');
            my $flag  = 0;
            foreach my $alias (@email) {
                if ($flag) {
                    print "\n\t Alias: $alias";
                } else {
                    print "\n\tAddress: $alias";
                    $flag = 1;
                }
            }
            print "\n";
        }
    } else {
        print "failed. Does not exist in the directory\n\n";
    }
}
******** End of Perl Snippet ***************

Once I was able to verify email addresses with the perl, I adjusted Exim4's configuration like so ...
(You need to have the "heavy" exim4 package)

#### CWR Attempt at LDAP E-Mail Address verification
#### accept any "group" or "mail list" address which are not in the
#### eDirectory
accept domains = kimberly.uidaho.edu
       recipients = lsearch;CONFDIR/acceptable.lst
#### check for individual e-mail addresses which are in the eDirectory
deny domains = kimberly.uidaho.edu
     message = Administrative prohibition - unable to validate recipient
     condition = ${lookup ldapm{ \
                   ldap://###.###.###.###/o=ui?mail?sub?\
                   (mail=${quote_ldap:[EMAIL PROTECTED]})} {0} {1} }
####
#### CWR Attempt at LDAP -- discard

The key for me was using the perl script and ldap browser to verify what attributes were visible when doing an anonymous bind to ldap _and_ how to code the request. I hope this helps a bit. My setup is a Novell Netware server hidden from the outside world and a Debian ETCH server visible to the outside world running exim.

--
cheers
Clarence
--
Clarence W. Robison, P.E.
[EMAIL PROTECTED]
208-423-6610
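Bob asked above what a structured exchange with the LDAP server looks like so he could send it through telnet and compare it with what ldapsearch sends. As an added example (not from either message in this thread, and not the Perl or Exim code above), the following Python builds the same anonymous bind and (&(objectclass=inetOrgPerson)(mail=...)) search as raw BER bytes per RFC 4511, and decodes the result code from the server's reply. The host, the base o=ui, the file name ldapwire.py and the address are placeholders.

```python
import socket
import sys
def ber_len(n):                # BER length: short form below 128, long form above
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload
def integer(n, tag=0x02):      # non-negative INTEGER / ENUMERATED, sign bit kept clear
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))
def octet_string(s, tag=0x04):
    return tlv(tag, s.encode("utf-8"))
def ldap_message(msg_id, op):  # LDAPMessage ::= SEQUENCE { messageID, protocolOp }
    return tlv(0x30, integer(msg_id) + op)
def simple_bind(msg_id, dn="", password=""):
    # BindRequest [APPLICATION 0] { version 3, name, simple [0] }; empty name and password = anonymous bind
    op = integer(3) + octet_string(dn) + octet_string(password, 0x80)
    return ldap_message(msg_id, tlv(0x60, op))
def eq(attr, value):           # equalityMatch [3] { attributeDesc, assertionValue }
    return tlv(0xA3, octet_string(attr) + octet_string(value))
def and_(*filters):            # and [0] SET OF Filter
    return tlv(0xA0, b"".join(filters))
def search(msg_id, base, filt, attrs, scope=2):
    # SearchRequest [APPLICATION 3] { base, scope (2 = sub), derefAliases, sizeLimit, timeLimit, typesOnly, filter, attrs }
    op = (octet_string(base) + integer(scope, 0x0A) + integer(0, 0x0A) + integer(0) + integer(0)
          + tlv(0x01, b"\x00") + filt + tlv(0x30, b"".join(octet_string(a) for a in attrs)))
    return ldap_message(msg_id, tlv(0x63, op))
def read_tlv(buf, pos):        # -> (tag, value, position after this TLV)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln
def result_code(reply):
    # (op tag, resultCode) of a BindResponse 0x61 / SearchResultDone 0x65: 0 success, 32 noSuchObject, 49 invalidCredentials
    _, msg, _ = read_tlv(reply, 0)
    _, _, pos = read_tlv(msg, 0)                      # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    _, code, _ = read_tlv(op, 0)
    return tag, int.from_bytes(code, "big")

if __name__ == "__main__":     # python3 ldapwire.py [host]: print the bytes, send the bind if a host is given
    bind = simple_bind(1)
    req = search(2, "o=ui", and_(eq("objectclass", "inetOrgPerson"), eq("mail", "bob@example.com")), ["mail"])
    print("bind  :", bind.hex(), "\nsearch:", req.hex())   # bind -> 300c020101600702010304008000
    if len(sys.argv) > 1:
        with socket.create_connection((sys.argv[1], 389), timeout=10) as s:
            s.sendall(bind)
            print("bind result:", result_code(s.recv(4096)))
```

The printed hex can also be fed to the port Bob was poking at with `xxd -r -p | nc host 389`; a simple bind with a password would travel the same way in clear text, which is why the script only sends the anonymous bind when given a host.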