[Exim] Sudden stop of exim's cram-md5 auth...

Author: Eric Renfro
Date:  
To: exim-users
Subject: [Exim] Sudden stop of exim's cram-md5 auth...
LDAP_USER =    cn=_____,dc=mydomain,dc=com
LDAP_BASEDN =    dc=mydomain,dc=com
LDAP_PASSWD =    _____


AUTH_USER =    user=LDAP_USER pass=LDAP_PASSWD \
                ldap:///LDAP_BASEDN?uid?sub?(uid=$1)
AUTH_PASSWD =    user=LDAP_USER pass=LDAP_PASSWD \
                ldap:///LDAP_BASEDN?userPassword?sub?(uid=$1)


cram:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = ${if eq{$1}{${lookup ldap \
    {AUTH_USER}{$value}fail}} \
    {${lookup ldap \
    {AUTH_PASSWD}{$value}fail}}fail}
  server_set_id = $1


This setup had been working for 2 days straight, then suddenly it won't work
anymore, out of the blue, and I don't get why.

Snips from the logs below show it's getting the proper returns back, though:

search_open: ldap "NULL"
search_find: file="NULL"
key="user=cn=____,dc=mydomain,dc=com pass=_____
ldap:///dc=mydomain,dc=com?uid?sub?(uid=$_username_)" partial=-1
LRU list:
internal_search_find: file="NULL"
type=ldap key="user=cn=_____,dc=mydomain,dc=com pass=_____
ldap:///dc=mydomain,dc=com?uid?sub?(uid=$_username_)"
database lookup required for user=cn=_____,dc=mydomain,dc=com pass=_____
ldap:///dc=mydomain,dc=com?uid?sub?(uid=$_username_)
LDAP parameters: user=cn=_____,dc=mydomain,dc=com pass=_____ size=0 time=0
perform_ldap_search: ldap URL
="ldap:///dc=mydomain,dc=com?uid?sub?(uid=$_username_)" server=NULL port=0
sizelimit=0 timelimit=0
Initialized connection with LDAP server NULL:389
LDAP_OPT_X_TLS_TRY set
Binding with user=cn=_____,dc=mydomain,dc=com password=_____
Start search
ldap_result loop
LDAP entry loop
LDAP attr loop uid:$_username_
search ended by ldap_result yielding 101
LDAP search: returning: $_username_
lookup yielded: $_username_
search_open: ldap "NULL"
cached open
search_find: file="NULL"
key="user=cn=_____,dc=mydomain,dc=com pass=_____
ldap:///dc=mydomain,dc=com?userPassword?sub?(uid=$_username_)" partial=-1
LRU list:
internal_search_find: file="NULL"
type=ldap key="user=cn=_____,dc=mydomain,dc=com pass=_____
ldap:///dc=mydomain,dc=com?userPassword?sub?(uid=$_username_)"
database lookup required for user=cn=_____,dc=mydomain,dc=com pass=_____
ldap:///dc=mydomain,dc=com?userPassword?sub?(uid=$_username_)
LDAP parameters: user=cn=_____,dc=mydomain,dc=com pass=_____ size=0 time=0
perform_ldap_search: ldap URL
="ldap:///dc=mydomain,dc=com?userPassword?sub?(uid=$_username_)" server=NULL
port=0 sizelimit=0 timelimit=0
Re-using cached connection to LDAP server NULL:389
Start search
ldap_result loop
LDAP entry loop
LDAP attr loop userPassword:$_password_
search ended by ldap_result yielding 101
LDAP search: returning: $_password_
lookup yielded: $_password_
SMTP>> 535 Incorrect authentication data

tls_do_write(80e18b8, 35)
SSL_write(SSL, 80e18b8, 35)
outbytes=35 error=0
LOG: MAIN REJECT
Authentication failed for ginseng.mydomain.com [192.168.1.10] ($_username_):
535 Incorrect authentication data (set_id=$_username_)
Calling SSL_read(8102520, 81175f8, 4096)
SMTP<< QUIT
SMTP>> 221 mail.mydomain.com closing connection

tls_do_write(80e18b8, 43)
SSL_write(SSL, 80e18b8, 43)
outbytes=43 error=0
tls_close(): shutting down SSL
SSL info: SSL negotiation finished successfully
LOG: smtp_connection MAIN
SMTP connection from ginseng.mydomain.com [192.168.1.10] closed by QUIT
search_tidyup called
unbind LDAP connection to NULL:389
child 22342 ended: status=0x0
0 SMTP accept processes now running
Listening...

Replacing $_username_ with the valid username, and $_password_ with the
cleartext password.

Eric Renfro
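
To check an exchange like the one logged above offline, here is an added example (not part of the original post and not Exim's code) of the RFC 2195 CRAM-MD5 computation, where the value returned for server_secret is used byte for byte as the HMAC-MD5 key. The username, password and challenge are constructed sample values, and `verify` and `diagnose` (with its labels) are hypothetical helper names.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the post.
SAMPLE_USER = "alice"
SAMPLE_PASSWORD = b"s3cret-example"
SAMPLE_CHALLENGE = b"<1896.697170952@mail.example.test>"

def cram_md5_response(username: str, secret: bytes, challenge: bytes) -> str:
    """Client side: base64("<user> <hex HMAC-MD5(key=secret, msg=challenge)>")."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()

def verify(b64_challenge: str, b64_response: str, server_secret: bytes):
    """Server side: recompute the digest from the looked-up secret.
    Returns (username, ok)."""
    challenge = base64.b64decode(b64_challenge)
    decoded = base64.b64decode(b64_response).decode()
    user, _, client_hex = decoded.rpartition(" ")
    expected = hmac.new(server_secret, challenge, hashlib.md5).hexdigest()
    ok = hmac.compare_digest(expected.encode(), client_hex.lower().encode())
    return user, ok

def diagnose(b64_challenge: str, b64_response: str, looked_up: bytes) -> str:
    """Classify a looked-up secret against one captured exchange."""
    if verify(b64_challenge, b64_response, looked_up)[1]:
        return "match"
    # Same text but with stray leading/trailing whitespace or a newline.
    if verify(b64_challenge, b64_response, looked_up.strip())[1]:
        return "whitespace"
    # A userPassword stored with a scheme prefix such as {SSHA} is a hash,
    # not the cleartext the client keyed its HMAC with.
    if looked_up.startswith(b"{"):
        return "hashed-scheme"
    return "mismatch"

if __name__ == "__main__":
    ch = base64.b64encode(SAMPLE_CHALLENGE).decode()
    resp = cram_md5_response(SAMPLE_USER, SAMPLE_PASSWORD, SAMPLE_CHALLENGE)
    candidates = (SAMPLE_PASSWORD, SAMPLE_PASSWORD + b"\n", b"{SSHA}constructed")
    for candidate in candidates:
        print(repr(candidate), "->", diagnose(ch, resp, candidate))
```

The base64 challenge and response for a real session can be read from an SMTP debug trace and passed to `diagnose` together with the exact bytes the lookup returned.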