[Exim] LDAP(s) Auth/TLS problem

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Reijo Pitkanen
Fecha:  
A: exim-users
Asunto: [Exim] LDAP(s) Auth/TLS problem
Attempting to connect to a Windows 2000 PDC for LDAP authentication.
Connecting from a Debian-woody-3.0/exim-4.20/exiscan-acl-06 box

given the below authenticator, i'd been having no issues. LDAP
authentication worked perfectly. When I added tls_cert/tls_privatekey and
tls_advertise_hosts, I started getting LDAP lookup errors when connecting
via ldaps:// (also reproduced below)

Any ideas?

Does the TLS subsystem use the cert/key for ldap authentication?

I'm totally stumped.

-r

PS: The exim cert is signed by the same CA as the PDC/LDAP box.
PPS: the passwords _are_obscured in the dump, yes.

------------ /usr/exim/configure
# outlook
login:
        driver = plaintext
        public_name = LOGIN
        server_prompts = "Username:: : Password::"


        hide server_condition = \
                ${if ldapauth \
                        {user=${quote:${lookup ldapdn \
                                {user=${quote:LDAP_BINDDN}
pass=${quote:LDAP_PW} \


ldap://ldap.houseofashes.net/CN=Users,DC=houseofashes,DC=net??sub?(samaccoun
tname=$1)} \
                        }} pass=${quote:$2} \
                        ldaps://terra.houseofashes.net/} \
                {yes}{no} }


        server_set_id = $1



------------ exim -bd -d+all

20:18:39 14176 expanding: user=${quote:${lookup ldapdn
{user=${quote:CN=ASHES ldap user,OU=Service Accounts,DC=houseofashes,DC=net}
pass=${quote:obscured_password}
ldap://ldap.houseofashes.net/CN=Users,DC=houseofashes,DC=net??sub?(samaccoun
tname=$1)} }} pass=${quote:$2} ldaps://terra.houseofashes.net/
20:18:39 14176    result: user="CN=Reijo
Pitkanen,CN=Users,DC=houseofashes,DC=net" pass="6662U!"
ldaps://terra.houseofashes.net/
20:18:39 14176 ---0 Get 268542384    56       string.c  530
20:18:39 14176 ---0 Get 268542440    16       string.c  530
20:18:39 14176 LDAP parameters: user=CN=Reijo
Pitkanen,CN=Users,DC=houseofashes,DC=net pass=6662U! size=0 time=0
connect=-1
20:18:39 14176 perform_ldap_search: ldapauth URL
="ldaps://terra.houseofashes.net/" server=NULL port=0 sizelimit=0
timelimit=0 tcplimit=-1
20:18:39 14176 after ldap_url_parse: host=terra.houseofashes.net port=636
20:18:39 14176 ---0 Get 268542456    88         ldap.c  297
20:18:39 14176 ldap_initialize with URL ldaps://terra.houseofashes.net:636/
20:18:39 14176 ---0 Rst 268542456    **         ldap.c  341 24600
20:18:39 14176 initialized for LDAP (v3) server terra.houseofashes.net:636
20:18:39 14176 LDAP_OPT_X_TLS_HARD set
20:18:39 14176 ---1 Get 268534408    32         ldap.c  416
20:18:39 14176 ---1 Get 268534440    24       string.c  349
20:18:39 14176 binding with user=CN=Reijo
Pitkanen,CN=Users,DC=houseofashes,DC=net password=6662U!
20:18:39 14176 ---0 Get 268542456   120       string.c  349
20:18:39 14176 failed to bind the LDAP connection to server
terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server
20:18:39 14176 failed to expand: ${if ldapauth {user=${quote:${lookup ldapdn
{user=${quote:CN=ldapuser,OU=Service Accounts,DC=houseofashes,DC=net}
pass=${quote:obscured_pw}
ldap://ldap.houseofashes.net/CN=Users,DC=houseofashes,DC=net??sub?(samaccoun
tname=$1)} }} pass=${quote:$2} ldaps://terra.houseofashes.net/} {yes}{no} }
20:18:39 14176    error message: failed to bind the LDAP connection to
server terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server
20:18:39 14176 login authenticator:
20:18:39 14176   $1 = reijo
20:18:39 14176   $2 = 6662U!
20:18:39 14176 expansion failed: failed to bind the LDAP connection to
server terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server