[Exim] Exim ldaps problem

Author: Liang Du
Date:  
To: exim-users
Subject: [Exim] Exim ldaps problem
Dear All,
      May I know if anyone has successfully done an ldaps lookup from Exim?
If so, could you show me some examples? I tried but can't get it to work.
The configuration is as below:


1. Exim (LDAP client) side:
   Built OpenSSL; OpenLDAP with TLS support; Exim 4.14 built with LDAP
   and SSL support.
   In the Exim configuration file:

      # server list is colon-separated, so the port is introduced by a doubled colon
      ldap_default_servers = host.mydomain.cxm::636

   In a router configuration, the LDAP search pattern is as below:

      # user= and pass= go inside the ldap{...} query, ahead of the URL;
      # the URL has no host, so the server comes from ldap_default_servers
      route_list = * "${lookup ldap{user=cn=admin,o=top pass=blarblar \
                       ldaps:///o=top?mailHost?sub?(cn=mailServer1)}{$value}fail}" byname
2. LDAP server side:
    slapd is listening only on the ldaps port 636 and is working fine: it
talks with other LDAP SSL clients (e.g. Mozilla, LDAP Browser, ldapsearch,
etc.), except Exim.
3. Problem pattern:
I get the following error from "sendmail -d+all -bt foo@???":


        gave DEFER: failed to bind the LDAP connection to server
host.mydomain.cxm:636 - LDAP error 81: Can't contact LDAP server


The debugging information on the LDAP server side is:

TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  30 1f 02 01 01 60 1a 02  01 03 04                  0....`.....
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:634
connection_read(25): TLS accept error error=-1 id=17, closing


        My impression is that Exim is still trying to connect by ldap instead of
ldaps to port 636, because it doesn't start an SSL session at all.
       I'd be grateful for any clue; thanks in advance,
Liang


--
Liang Du
Unix System Administrator
IT Services, University of Dundee
Tel: 01382 34 81 57
Email: l.du@???
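The slapd trace quoted in the post shows the first 11 bytes the server read before OpenSSL gave up with "unknown protocol". The following is an added example (not code from the post, from Exim or from OpenLDAP) that decodes those bytes: it classifies what a client sent on a TLS port as a TLS ClientHello, an SSLv2 ClientHello, or a BER-encoded LDAPMessage. The 11-byte sample is copied from the trace; the TLS and SSLv2 hello samples are constructed here. Decoding the trace bytes gives an LDAPv3 BindRequest with messageID 1, i.e. a plaintext simple bind sent to the ldaps port, which is exactly what the author suspected. The security-relevant point is that a simple BindRequest carries the bind DN and password in the clear, so a server that accepted such a connection on port 636 would be reading credentials off a port everyone assumes is encrypted; slapd refusing it is the correct outcome.

```python
"""Classify the first bytes a client sends to a TLS-only port.

Added example; not taken from Exim, OpenLDAP or the original post.
SLAPD_TRACE is copied from the slapd trace in the post; the two hello
samples are constructed for illustration.
"""

# From the post: "tls_read: want=11, got=11" followed by these 11 bytes.
SLAPD_TRACE = bytes.fromhex("301f020101601a02010304")

# Constructed: TLS 1.0 record header (type 0x16 = handshake, version 3.1,
# length 0x2f) followed by a handshake header (type 0x01 = ClientHello).
TLS_CLIENT_HELLO = bytes.fromhex("160301002f0100002b0301")

# Constructed: SSLv2-style record (high bit set in the first length byte,
# then message type 0x01 = CLIENT-HELLO) as older OpenSSL also accepted.
SSLV2_CLIENT_HELLO = bytes.fromhex("802e010002")


def read_tlv(buf, pos):
    """Decode one BER tag/length header at buf[pos].

    Returns (tag, declared_length, position_of_value). Raises ValueError
    if the header itself is incomplete. The declared length may exceed
    the bytes actually available (the trace is truncated); the caller
    decides what to do about that.
    """
    if pos + 1 >= len(buf):
        raise ValueError("incomplete BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, first, pos
    nbytes = first & 0x7F                 # long-form: number of length bytes
    if nbytes == 0 or pos + nbytes > len(buf):
        raise ValueError("bad or incomplete long-form length")
    return tag, int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes


def read_integer(buf, pos):
    """Decode a complete BER INTEGER (tag 0x02); return (value, next_pos)."""
    tag, length, vpos = read_tlv(buf, pos)
    if tag != 0x02 or vpos + length > len(buf):
        raise ValueError("expected a complete INTEGER")
    return int.from_bytes(buf[vpos:vpos + length], "big", signed=True), vpos + length


def _classify_ldap(buf):
    """Parse the start of an LDAPMessage (RFC 4511 ASN.1) as far as it goes."""
    _tag, msg_len, pos = read_tlv(buf, 0)        # LDAPMessage ::= SEQUENCE
    truncated = pos + msg_len > len(buf)         # trace only has 11 bytes
    message_id, pos = read_integer(buf, pos)     # messageID INTEGER
    op_tag, _op_len, pos = read_tlv(buf, pos)    # protocolOp CHOICE
    info = {"kind": "ldap_message", "message_id": message_id,
            "op_tag": op_tag, "truncated": truncated}
    if op_tag == 0x60:                           # [APPLICATION 0] BindRequest
        info["kind"] = "ldap_bind_request"
        info["version"], pos = read_integer(buf, pos)   # version INTEGER
        # The bind DN (OCTET STRING, tag 0x04) comes next; the simple
        # password follows it in the same message, all in clear text.
        info["name_follows"] = pos < len(buf) and buf[pos] == 0x04
    return info


def classify(buf):
    """Return a dict describing what protocol the client started with."""
    if len(buf) >= 6 and buf[0] == 0x16 and buf[1] == 0x03 and buf[5] == 0x01:
        return {"kind": "tls_client_hello", "record_version": (buf[1], buf[2])}
    if len(buf) >= 3 and buf[0] & 0x80 and buf[2] == 0x01:
        return {"kind": "sslv2_client_hello"}
    if buf and buf[0] == 0x30:                   # BER SEQUENCE: an LDAPMessage
        try:
            return _classify_ldap(buf)
        except ValueError as exc:
            return {"kind": "ldap_message", "error": str(exc)}
    return {"kind": "unknown"}


def describe(buf):
    """One-line verdict suitable for a troubleshooting note."""
    info = classify(buf)
    if info["kind"] == "ldap_bind_request":
        return ("plaintext LDAPv%d BindRequest (messageID %d): the client "
                "never started TLS" % (info["version"], info["message_id"]))
    if info["kind"].endswith("client_hello"):
        return "TLS/SSL handshake started as expected"
    return "not TLS and not LDAP: %s" % info


if __name__ == "__main__":
    for label, sample in (("slapd trace", SLAPD_TRACE),
                          ("constructed TLS hello", TLS_CLIENT_HELLO),
                          ("constructed SSLv2 hello", SSLV2_CLIENT_HELLO)):
        print("%-24s %s" % (label + ":", describe(sample)))
```

The same check can be run on a live capture: feed the first bytes of a client's connection to port 636 (from tcpdump or from slapd's `tls_read` trace) to `classify()`. A `0x30` first byte means the client sent plain LDAP and the TLS layer on the server was never engaged; a `0x16` first byte means TLS was attempted and any failure lies in the handshake (certificates, ciphers) rather than in the client skipping TLS altogether.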