Re: [exim] DEFER: ldap search initiation failed

Author: Erik Zweers
Date:  
To: exim-users
Subject: Re: [exim] DEFER: ldap search initiation failed
Figured out the problem. Basically it was a missing
${quote_ldap:$local_part}.

But the logging isn't very useful. I ripped some logging from elsewhere
in the ldap.c code and put it in to handle the ldap_search fails. Here
is the patch.

-------------------------------------------------------------------
--- src/lookups/ldap.c.pkgorig 2004-10-05 04:32:08.000000000 -0400
+++ src/lookups/ldap.c 2004-12-14 11:06:48.705144136 -0500
@@ -519,7 +519,22 @@

 if (msgid == -1)
   {
-  *errmsg = string_sprintf("ldap search initiation failed");
+  int err;
+#if defined LDAP_LIB_SOLARIS || defined LDAP_LIB_OPENLDAP2
+    ldap_get_option(lcp->ld, LDAP_OPT_ERROR_NUMBER, &err);
+    *errmsg = string_sprintf("ldap_search failed: %d, %s",
+      err, ldap_err2string(err));
+
+  #elif defined LDAP_LIB_NETSCAPE
+    /* Dubious (surely 'matched' is spurious here?) */
+    (void)ldap_get_lderrno(lcp->ld, &matched, &error1);
+    *errmsg = string_sprintf("ldap_search failed: %s (%s)", error1,
matched);
+
+  #else                             /* UMich LDAP aka OpenLDAP 1.x */
+    *errmsg = string_sprintf("ldap_search failed: %d, %s",
+      lcp->ld->ld_errno, ldap_err2string(lcp->ld->ld_errno));
+  #endif
+
   goto RETURN_ERROR;
   }
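Review bot: in the `LDAP_LIB_SOLARIS || LDAP_LIB_OPENLDAP2` branch the result of `ldap_get_option()` is not checked, so if that call fails `err` goes into the message uninitialised; initialise it (for example to `LDAP_OTHER`) or test the return value before calling `ldap_err2string(err)`. `int err;` is declared for all three branches but only the first one uses it, so the declaration belongs inside that `#if`. The Netscape branch relies on `matched` and `error1` being declared earlier in the function, which this hunk does not show. The `#elif`, `#else` and `#endif` lines are indented while the `#if` starts in column 0; align them. As posted, `matched);` has been wrapped onto its own line without a `+` prefix, so the patch will not apply until it is rejoined to the line above.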
-------------------------------------------------------------------------


On Thu, 2004-12-09 at 13:34, Erik Zweers wrote:
> I've built up a couple of exim boxes to replace some sendmail
> mailrouters. I've got it set up to mimic the sendmail servers while I
> work on the transition.
>
> I had them running in the group and everything seemed to be working
> fine, except about 3 times a minute, I would get an error message
> "DEFER:ldap search initiation failed".
>
> I've checked the addresses that failed, and they are just random
> addresses. Some exist, some don't etc etc. We've checked the ldap
> server to see if it saw any problems, and it saw no attempt to even
> connect.
>
> I ran the server with a -d-all+lookup and got a session that failed.
>
> --------------------------------------------------------------------------
> 2045 Process 2045 is handling incoming connection from [1.2.3.4]
> 2045 Process 2045 is ready for new message
> 2045 search_open: lsearch "/etc/exim/local-routed"
> 2045 search_find: file="/etc/exim/local-routed"
> 2045 key="stderr.efficientimpacte.com" partial=-1 affix=NULL
> starflags=0
> 2045 LRU list:
> 2045 :/etc/exim/local-routed
> 2045 End
> 2045 internal_search_find: file="/etc/exim/local-routed"
> 2045 type=lsearch key="stderr.efficientimpacte.com"
> 2045 file lookup required for stderr.efficientimpacte.com
> 2045 in /etc/exim/local-routed
> 2045 lookup failed
> 2045 search_open: ldapm "NULL"
> 2045 search_find: file="NULL"
> 2045 key="user="uid=something" pass="else"
> ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?(&(mailLocalAddress=3-1546081-domain.net?wendling@???)(objectClass=inetLocalMailRecipient))" partial=-1 affix=NULL starflags=0
> 2045 LRU list:
> 2045 :/etc/exim/local-routed
> 2045 End
> 2045 internal_search_find: file="NULL"
> 2045 type=ldapm key="user="something" pass="else"
> ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?(&(mailLocalAddress=3-1546081-domain.net?wendling@???)(objectClass=inetLocalMailRecipient))"
> 2045 database lookup required for user="something" pass="else"
> ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?(&(mailLocalAddress=3-1546081-domain.net?wendling@???)(objectClass=inetLocalMailRecipient))
> 2045 LDAP parameters: user=something pass=else size=0 time=0 connect=-1
> dereference=0
> 2045 perform_ldap_search: ldapm URL =
> "ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?(&(mailLocalAddress=3-1546081-domain.net?wendling@???)(objectClass=inetLocalMailRecipient))" server=ldap2.backbone port=0 sizelimit=0 timelimit=0 tcplimit=-1
> 2045 after ldap_url_parse: host=ldap2.backbone port=0
> 2045 ldap_initialize with URL ldap://ldap2:389/
> 2045 initialized for LDAP (v3) server ldap2:389
> 2045 LDAP_OPT_X_TLS_TRY set
> 2045 binding with user=something password=else
> 2045 Start search
> 2045 ldap search initiation failed
> 2045 lookup deferred: ldap search initiation failed
> 2045 LOG: MAIN REJECT
> 2045 LOG: MAIN REJECT
> 2045 H=brightmail1.otherdomain.net (brightmail1.otherdomain.com)
> [69.63.44.2]
> F=<3-1546081-domain.net?wendling@???>
> temporarily rejected RCPT <wendling@???>: ldap search initiation
> failed
> 2045 LOG: smtp_connection MAIN
> 2045 SMTP connection from brightmail1.otherdomain.net
> (brightmail1.otherdomain.com) [1.2.3.4] closed by QUIT
> 2045 search_tidyup called
> 2045 unbind LDAP connection to ldap2.backbone:389
> 1755 child 2045 ended: status=0x0
> ------------------------------------------------------------------------------
>
> I'm not sure where to go with troubleshooting this further. Does anyone
> have any suggestions?
>
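
Why the missing `${quote_ldap:$local_part}` matters for the address in the debug log, as an added example that is not part of the original post and is not Exim's code: the local part contains a `?`, which is also the field separator of an LDAP URL, so the filter field is cut short unless the value is quoted first. Assumptions: `quote_ldap()` follows the two-step quoting the Exim specification describes for that operator (RFC 2254 filter escapes, then URL percent-encoding), `split_url()` is a simplified model of the RFC 4516 field layout rather than the LDAP library's parser, and `example.org` and all function names are constructed for illustration.

```python
from urllib.parse import unquote

# Step 1: RFC 2254 filter escapes. Step 2: URL percent-encoding.
# SAFE is the assumed set of characters the URL step leaves alone.
FILTER_ESCAPES = {"*": r"\2A", "(": r"\28", ")": r"\29", "\\": r"\5C"}
SAFE = set("!$'-._()*+")

def quote_ldap(value):
    escaped = "".join(FILTER_ESCAPES.get(c, c) for c in value)
    out = []
    for byte in escaped.encode("utf-8"):
        ch = chr(byte)
        keep = byte < 128 and (ch.isalnum() or ch in SAFE)
        out.append(ch if keep else "%%%02X" % byte)
    return "".join(out)

def build_url(local_part, quoted):
    # Query shape copied from the debug log; example.org is a constructed domain.
    value = quote_ldap(local_part) if quoted else local_part
    return ("ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?"
            "(&(mailLocalAddress=" + value + "@example.org)"
            "(objectClass=inetLocalMailRecipient))")

def split_url(url):
    # RFC 4516 field order after the host: dn?attributes?scope?filter?extensions
    names = ["dn", "attributes", "scope", "filter", "extensions"]
    fields = url.split("///", 1)[1].split("?", 4)
    return {n: unquote(f) for n, f in zip(names, fields)}

def balanced(filter_text):
    # A usable filter has matching parentheses; escaped ones (\28, \29) do not count.
    depth = 0
    for c in filter_text:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0

def check(local_part, quoted):
    """Return (filter is well-formed, text that spilled into the extensions field)."""
    parts = split_url(build_url(local_part, quoted))
    return balanced(parts["filter"]), parts.get("extensions")

LOCAL_PART = "3-1546081-domain.net?wendling"  # local part seen in the debug log

if __name__ == "__main__":
    print("unquoted:", check(LOCAL_PART, False))
    print("quoted:  ", check(LOCAL_PART, True))
```

Without quoting, the filter stops at the stray `?` with its parentheses still open and the remainder lands in the extensions field; with quoting, the `?` travels as `%3F` and the filter arrives intact.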