Attempting to connect to a Windows 2000 PDC for LDAP authentication.
Connecting from a Debian-woody-3.0/exim-4.20/exiscan-acl-06 box
given the below authenticator, I'd been having no issues. LDAP
authentication worked perfectly. When I added tls_cert/tls_privatekey and
tls_advertise_hosts, I started getting LDAP lookup errors when connecting
via ldaps:// (also reproduced below).
Any ideas?
Does the TLS subsystem use the cert/key for ldap authentication?
I'm totally stumped.
-r
PS: The exim cert is signed by the same CA as the PDC/LDAP box.
PPS: the passwords _are_ obscured in the dump, yes.
------------ /usr/exim/configure
# outlook
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  hide server_condition = \
    ${if ldapauth \
      {user=${quote:${lookup ldapdn \
        {user=${quote:LDAP_BINDDN} \
         pass=${quote:LDAP_PW} \
         ldap://ldap.houseofashes.net/CN=Users,DC=houseofashes,DC=net??sub?(samaccountname=$1)} \
      }} pass=${quote:$2} \
      ldaps://terra.houseofashes.net/} \
    {yes}{no} }
  server_set_id = $1
------------ exim -bd -d+all
20:18:39 14176 expanding: user=${quote:${lookup ldapdn {user=${quote:CN=ASHES ldap user,OU=Service Accounts,DC=houseofashes,DC=net} pass=${quote:obscured_password} ldap://ldap.houseofashes.net/CN=Users,DC=houseofashes,DC=net??sub?(samaccountname=$1)} }} pass=${quote:$2} ldaps://terra.houseofashes.net/
20:18:39 14176 result: user="CN=Reijo Pitkanen,CN=Users,DC=houseofashes,DC=net" pass="6662U!" ldaps://terra.houseofashes.net/
20:18:39 14176 ---0 Get 268542384 56 string.c 530
20:18:39 14176 ---0 Get 268542440 16 string.c 530
20:18:39 14176 LDAP parameters: user=CN=Reijo Pitkanen,CN=Users,DC=houseofashes,DC=net pass=6662U! size=0 time=0 connect=-1
20:18:39 14176 perform_ldap_search: ldapauth URL ="ldaps://terra.houseofashes.net/" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=-1
20:18:39 14176 after ldap_url_parse: host=terra.houseofashes.net port=636
20:18:39 14176 ---0 Get 268542456 88 ldap.c 297
20:18:39 14176 ldap_initialize with URL ldaps://terra.houseofashes.net:636/
20:18:39 14176 ---0 Rst 268542456 ** ldap.c 341 24600
20:18:39 14176 initialized for LDAP (v3) server terra.houseofashes.net:636
20:18:39 14176 LDAP_OPT_X_TLS_HARD set
20:18:39 14176 ---1 Get 268534408 32 ldap.c 416
20:18:39 14176 ---1 Get 268534440 24 string.c 349
20:18:39 14176 binding with user=CN=Reijo Pitkanen,CN=Users,DC=houseofashes,DC=net password=6662U!
20:18:39 14176 ---0 Get 268542456 120 string.c 349
20:18:39 14176 failed to bind the LDAP connection to server terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server
20:18:39 14176 failed to expand: ${if ldapauth {user=${quote:${lookup ldapdn {user=${quote:CN=ldapuser,OU=Service Accounts,DC=houseofashes,DC=net} pass=${quote:obscured_pw} ldap://ldap.houseofashes.net/CN=Users,DC=houseofashes,DC=net??sub?(samaccountname=$1)} }} pass=${quote:$2} ldaps://terra.houseofashes.net/} {yes}{no} }
20:18:39 14176 error message: failed to bind the LDAP connection to server terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server
20:18:39 14176 login authenticator:
20:18:39 14176 $1 = reijo
20:18:39 14176 $2 = 6662U!
20:18:39 14176 expansion failed: failed to bind the LDAP connection to server terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server
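A small triage helper for debug output like the above, added here as an example (it is not from the post or from Exim): it pulls the host and port, whether Exim set LDAP_OPT_X_TLS_HARD for the ldaps:// URL, and the LDAP result code, and separates a transport-level failure (error 81, reached before any bind completes) from a rejected bind (error 49). Reading 81 plus TLS_HARD as a TLS trust problem is a heuristic assumption, not something the debug output states.

```python
import re

# Constructed excerpt modelled on the exim -bd -d+all output in the post;
# the password lines are left out, the rest is as Exim printed it.
SAMPLE_DEBUG = """\
20:18:39 14176 after ldap_url_parse: host=terra.houseofashes.net port=636
20:18:39 14176 ldap_initialize with URL ldaps://terra.houseofashes.net:636/
20:18:39 14176 initialized for LDAP (v3) server terra.houseofashes.net:636
20:18:39 14176 LDAP_OPT_X_TLS_HARD set
20:18:39 14176 failed to bind the LDAP connection to server terra.houseofashes.net:636 - LDAP error 81: Can't contact LDAP server
"""

HOST_RE = re.compile(r"after ldap_url_parse: host=(\S+) port=(\d+)")
ERR_RE = re.compile(r"LDAP error (\d+): (.*)")

def triage_exim_ldap_debug(text):
    """Collect how far an Exim ldapauth attempt got and why it stopped."""
    info = {"host": None, "port": None, "tls_hard": False,
            "error_code": None, "error_text": None}
    for line in text.splitlines():
        m = HOST_RE.search(line)
        if m:
            info["host"], info["port"] = m.group(1), int(m.group(2))
        if "LDAP_OPT_X_TLS_HARD set" in line:   # Exim sets this for ldaps://
            info["tls_hard"] = True
        m = ERR_RE.search(line)
        if m:
            info["error_code"] = int(m.group(1))
            info["error_text"] = m.group(2).strip()
    info["verdict"] = classify(info)
    return info

def classify(info):
    """Map the result code to the layer to look at (heuristic, an assumption)."""
    code = info["error_code"]
    if code is None:
        return "no LDAP error recorded"
    # 81 = LDAP_SERVER_DOWN. With TLS_HARD the client library must complete a
    # verified TLS handshake before the bind, so 81 here usually means that
    # handshake failed (e.g. the client does not trust the CA that signed the
    # server certificate), not that the credentials were wrong.
    if code == 81 and info["tls_hard"]:
        return "transport: verified TLS to %s:%s failed before bind" % (
            info["host"], info["port"])
    if code == 49:  # LDAP_INVALID_CREDENTIALS: connection fine, bind rejected
        return "credentials: bind rejected"
    return "LDAP error %d: %s" % (code, info["error_text"])

if __name__ == "__main__":
    print(triage_exim_ldap_debug(SAMPLE_DEBUG)["verdict"])
```

A "transport" verdict points at the LDAP client library's trust settings (for OpenLDAP, TLS_CACERT in ldap.conf), which are separate from the SMTP-side tls_certificate/tls_privatekey options.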