Re: [Exim] Exim-4.32: ldap operations error

Author: Nigel Wade
Date:  
To: Hochstrasser Benedikt
CC: exim-users
Subject: Re: [Exim] Exim-4.32: ldap operations error
Hochstrasser Benedikt wrote:
> Hi all,
>
> I thought it was about time to look into upgrading my trusty exim 3.36
> to 4.32.
> I configured it to use ldap(version2) lookups to check if the user
> exists.
>
> Upon "exim -d -bt someuser@???" I get (amongst other stuff) the
> following error:
>
> LDAP search failed - error 1: Operations error/00000000: LdapErr:
> DSID-0C0905FF, comment: In order to perform this operation a successful
> bind must be completed on the connection., data 0, vece
>
> I tried with openldap-2.2.10 and openldap-2.1.29 (aka stable 20040329),
> with the same result. Exim 3.36 works just fine with either ldap
> library.
>
> Here's the relevant part (routers configuration) of the .conf:
>
> localdomains:
>   driver = domainlist
>   domains = mydomain1.ch : myotherdomain.ch : mythirddomain.org
>   transport = local_smtp
>   route_list = mydomain1.ch      exchange1:exchange2 byname; \
>                myotherdomain.ch  exchange1:exchange2 byname; \
>                mythirddomain.org exchange1:exchange2 byname
>   condition = "${lookup ldap {USER=ldap_query@??? PASS=ldap_password \
>                 ldap:///dc=mydomain,dc=lan?mail?sub? \
>                 (proxyAddresses=smtp:${quote_ldap:$local_part@$domain}) \
>                 } {$value} fail } \
>               "
>
> The ldap "target" domain is a Windows 2000 Active Directory. Openldap's
> ldapquery works fine with the credentials above. I promptly get an auth
> error with the .conf when I give eg a wrong password.
>
> As said, Exim 3.36 has no problems here.
>
> With Kind Regards
>
> Benedikt Hochstrasser
> bhoc.nospam@???
>
>
> --
>


The message looks like it's telling you the initial bind has failed for some
reason.

Is it possible to use a network packet analyser to see what transaction is
taking place between Exim and Exchange? If you can compare the working 3.36
and failing 4.32 transaction it might point out where the error is.

For example, this is what I see if I use ethereal to capture the bind
process between Exim 4.31 and our openldap server:

Lightweight Directory Access Protocol, Bind Request
     Message Id: 1
     Message Type: Bind Request (0x00)
     Message Length: 36
     Version: 3
     DN: dn=eximbind,dc=rsppg
     Auth Type: Simple (0x00)
     Password: <bindpw>




Of course, if you use encryption this is a non-starter...

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@???
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
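
Added example, not part of the original message or of Exim: a small Python decoder for the LDAP Bind Request fields shown in the capture above (message id, version, DN, auth type), with a helper that lists which fields differ between two captured binds. Both sample PDUs are constructed here for illustration (they are not captures from Exim 3.36 or 4.32), and the function names are this example's own; the password is reported by length only so the decoded output can be shared.

```python
# Added example: decode an LDAP BindRequest (RFC 4511) from raw captured bytes.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(pdu):
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(msg, 0)       # messageID INTEGER
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:                         # [APPLICATION 0] = BindRequest
        raise ValueError("protocolOp is not a BindRequest")
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    auth = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, hex(auth_tag))
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": name.decode("utf-8"),
        "auth": auth,
        "password_len": len(cred) if auth == "simple" else None,
        # simple bind with empty DN and empty password is an anonymous bind
        "anonymous": auth == "simple" and not name and not cred,
    }

def compare(a, b):
    """Fields that differ between two BindRequests, as {field: (a, b)}."""
    pa, pb = parse_bind_request(a), parse_bind_request(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def tlv(tag, value):                        # short-form encoder, samples only
    return bytes([tag, len(value)]) + value

def make_simple_bind(msg_id, version, dn, password):
    op = tlv(0x02, bytes([version])) + tlv(0x04, dn) + tlv(0x80, password)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

# Constructed samples: an authenticated v3 bind and an anonymous v2 bind.
SAMPLE_V3 = make_simple_bind(1, 3, b"dn=eximbind,dc=rsppg", b"constructed")
SAMPLE_V2_ANON = make_simple_bind(1, 2, b"", b"")

if __name__ == "__main__":
    print(parse_bind_request(SAMPLE_V3))
    print(compare(SAMPLE_V3, SAMPLE_V2_ANON))
```

To use it on real traffic, export the TCP payload of each bind packet as raw bytes from the analyser and pass the two byte strings to `compare`.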