Re: [Exim] LDAP over TLS failing to bind/lookup.

Author: Tony Earnshaw
Date:  
To: Eric Renfro
CC: exim-users
Subject: Re: [Exim] LDAP over TLS failing to bind/lookup.
Tue, 2002-08-20 at 13:03, Eric Renfro wrote:

> Initialized connection with LDAP server ldap.mydomain.com:636
> LDAP_OPT_X_TLS_HARD set
> Binding with user=uid=___,ou=People,dc=mydomain,dc=com password=___
> Bind failed: ldapauth returns FAIL


I have your problem too. ldaps was working perfectly with Exim 4.10
until yesterday, then a couple of jokers on the OpenLDAP list had me
change my working DNS FQDNs to what they considered was right for me.
Which turned out later not to be so.

That broke everything, but *everything*. All is working again, apart
from Exim ldaps, which will work again but not today.

What I have discovered, though, is that Exim is extremely picky about
the combination of host lookups (gethostbyname/number) and the
certificate client DN. Much more so than ldapsearch, for example.
Exactly what it is I have yet to find out.

So, check the client DN of your ldap server public key very carefully
against your DNS zone config. Use the real-time slapd debug 5, strace
(ermmm ... Linux, otherwise use truss) and Ethereal or similar, e.g.
tcpdump (Ethereal tells you everything) to see exactly what's happening.

Best,

Tony

--

Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail:        tonni@???
www:        http://www.billy.demon.nl
gpg public key:    http://www.billy.demon.nl/tonni.armor


Telephone:    (+31) (0)172 530428
Mobile:        (+31) (0)6 51153356


GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
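
The check suggested in the message above (certificate names against DNS), as an added example that is not part of the original post and is not Exim or OpenLDAP code. It assumes a client may compare the certificate against either the configured host name or the name returned by a reverse lookup, so it tests both; `check`, `cert_names`, `name_matches` and the sample values are hypothetical names constructed for illustration.

```python
import socket

def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]

def name_matches(host, pattern):
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def _ptr(ip):
    return socket.gethostbyaddr(ip)[0]

def check(host, cert, forward=socket.gethostbyname, reverse=_ptr):
    """Return a list of mismatches between DNS and the certificate names."""
    names = cert_names(cert)
    findings = []
    if not any(name_matches(host, n) for n in names):
        findings.append(f"configured name {host} not in certificate {names}")
    try:
        ip = forward(host)
        ptr = reverse(ip)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return findings + [f"DNS lookup failed for {host}: {exc}"]
    if not any(name_matches(ptr, n) for n in names):
        findings.append(f"PTR {ptr} for {ip} not in certificate {names}")
    return findings

# Constructed sample: certificate issued for the service alias only.
SAMPLE_CERT = {"subject": ((("commonName", "ldap.mydomain.com"),),)}

if __name__ == "__main__":
    # Constructed resolver answers (192.0.2.10 is a documentation address).
    for line in check("ldap.mydomain.com", SAMPLE_CERT,
                      forward=lambda h: "192.0.2.10",
                      reverse=lambda ip: "server1.mydomain.com"):
        print(line)
```

With the default resolvers, pass the dict from `ssl.SSLSocket.getpeercert()` on a verified connection to the LDAP server to run the same comparison against live DNS.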