[Exim] Bad LDAP Lookup?

Top Page
Delete this message
Reply to this message
Author: Jeffrey C. Ollie
Date:  
To: exim-users
Subject: [Exim] Bad LDAP Lookup?
I've been having intermittent problems with LDAP lookups it seems.
Our e-mail system consists of a number of NetWare servers running
Mercury & Pegasus Mail. All of the servers are part of the same NDS
tree. Tying the NetWare servers together are two Linux servers that
run Exim v3.22 and use LDAP to query the NDS tree to get routing
information.

This setup works just great most of the time. Other times the system
will come up with an extra address that has 50 "\333" (219 decimal or
0xDB hex) characters tacked to the front of the original local part.

This only seems to happen when there are two or more user objects with
the same common name in the NDS tree and not all of the objects have a
"mail" attribute. It doesn't happen every time though. It also does
appear to be something in Exim that causes the problem because I can't
get the the command-line ldapsearch utility to return anything but
what I would expect, even after dozens of searches.

This happens on both of my Linux servers. Both servers run Exim v3.22
and OpenLDAP 2.0.7, glibc 2.2.1, and kernel 2.4.0-test12. This
happened under previous versions of glibc.

I took a quick look at the LDAP lookup code but didn't see anything
obvious. Can anyone provide any suggestions?

Jeff

Here's the relevant director:

dmacc_lookup:
driver = aliasfile
domains = dmacc.cc.ia.us : dmacc.org
search_type = ldapm
query = "ldap://an01a.dmacc.cc.ia.us/o=DMACC?mail?sub?(&(objectClass=User)(cn=${quote_ldap:${local_part}}))"
forbid_file
forbid_pipe
no_more

Here's an example of a bad transaction:

Feb 15 16:42:08 ratbert exim[27222]: 2001-02-15 16:42:08 14TX6G-000754-01 <= jwalcorn@??? H=an03.dmacc.cc.ia.us [161.210.214.233] P=esmtp S=1342
Feb 15 16:42:09 ratbert exim[27225]: 2001-02-15 16:42:09 14TX6G-000754-01 ** ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛpdbrinton@??? <pdbrinton@???>: unknown local-part "\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333\333pdbrinton" in domain "ratbert.dmacc.cc.ia.us"
Feb 15 16:42:09 ratbert exim[27225]: 2001-02-15 16:42:09 14TX6G-000754-01 => pdbrinton@??? <pdbrinton@???> R=lookuphost T=remote_smtp H=an03.dmacc.cc.ia.us [161.210.214.233]
Feb 15 16:42:09 ratbert exim[27226]: 2001-02-15 16:42:09 14TX6H-000758-00 <= <> R=14TX6G-000754-01 U=exim P=local S=2889
Feb 15 16:42:09 ratbert exim[27225]: 2001-02-15 16:42:09 14TX6G-000754-01 Error message sent to jwalcorn@???
Feb 15 16:42:09 ratbert exim[27225]: 2001-02-15 16:42:09 14TX6G-000754-01 Completed

And here's an example of a good one:

Feb 13 16:18:08 ratbert exim[3984]: 2001-02-13 16:18:08 14Snlw-00012G-00 <= bulkmail@??? H=qmail3.arcamax.com [209.96.210.76] P=smtp S=5032 id=20010213221800.19219.qmail@???
Feb 13 16:18:09 ratbert exim[3985]: 2001-02-13 16:18:09 14Snlw-00012G-00 => pdbrinton@??? <pdbrinton@???> R=lookuphost T=remote_smtp H=an03.dmacc.cc.ia.us [161.210.214.233]
Feb 13 16:18:09 ratbert exim[3985]: 2001-02-13 16:18:09 14Snlw-00012G-00 Completed

Here's the results from ldapsearch:

[jeff@oak jeff]$ ldapsearch -x -P3 -h an01a.dmacc.cc.ia.us -b o=DMACC '(cn=pdbrinton)' mail
version: 2

#
# filter: (cn=pdbrinton)
# requesting: mail
#

# pdbrinton,Staff,Ankeny,DMACC
dn: cn=pdbrinton,ou=Staff,ou=Ankeny,o=DMACC
mail: pdbrinton@???

# pdbrinton,Staff,Urban,DMACC
dn: cn=pdbrinton,ou=Staff,ou=Urban,o=DMACC

# pdbrinton,Students,Urban,DMACC
dn: cn=pdbrinton,ou=Students,ou=Urban,o=DMACC

# pdbrinton,Faculty,Urban,DMACC
dn: cn=pdbrinton,ou=Faculty,ou=Urban,o=DMACC

# search result
search: 2
result: 0 Success