Hello *,
I just discovered some weird anomaly (?).
But first the facts:
Exim version 4.51 #1 built 01-Jul-2005 19:23:14
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (June 30, 2004)
Support for: iconv() IPv6 OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Configuration file is /etc/exim/exim.conf
Exim is running on hostA, OpenLDAP is running on hostB. slapd on hostB
provides LDAP w/ TLS on connect on port 636.
Configuration snippet:
ldap_default_servers = ldapmaster::636
...
begin routers
mail2cyrus:
driver = redirect
...
hide data = ${lookup ldap{ldaps:///....}
If I use exim in address test mode `exim -bt heiko@???' it
works and proper LDAP queries are sent and processed.
If exim runs as daemon and has to handle the same address it returns
a `temporary problem'. According to the log: ldap_bind() returned -1.
After a while I found a good hint here: http://www.billy.demon.nl/Eximldap.html,
so I changed
ldap_default_servers = ldapmaster.domain.example::636
That's the CN slapd uses in its certificate.
QUESTIONS:
a) Why does `exim -bt' succeed and the daemon not?
b) Shouldn't it be made consistent?
c) Shouldn't there be some more descriptive error message?
(I'm not sure if the openSSL lib returns more than '-1')
Suggestion:
-> The could include some hint near 'ldaps'...
Best regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
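
Added example (not part of the original post and not Exim code): a small lint that reads `ldap_default_servers` and reports which configured host names do not appear among the names in the LDAP server's certificate, which is the mismatch between the two settings quoted above. The function names, the sample configuration line and the simplified matching rule (exact match, or `*` for the whole leftmost label) are assumptions; IPv6 literals and a changed list separator are not handled.

```python
# Added example: lint Exim's ldap_default_servers against certificate names.
# SAMPLE_CONF is constructed from the two settings quoted in the post.
SAMPLE_CONF = """\
ldap_default_servers = ldapmaster::636 : ldapmaster.domain.example::636
"""
CERT_NAMES = ["ldapmaster.domain.example"]  # the CN named in the post


def parse_servers(conf_text):
    """Return (host, port) pairs from the ldap_default_servers option.

    Exim lists are colon-separated, so a literal colon (host:port)
    is written doubled in the configuration: 'host::636'.
    """
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        # key.split()[-1:] also accepts a 'hide' prefix on the option
        if sep and key.split()[-1:] == ["ldap_default_servers"]:
            marked = value.replace("::", "\0")  # protect literal colons
            items = [i.strip().replace("\0", ":") for i in marked.split(":")]
            pairs = []
            for item in filter(None, items):
                host, has_port, port = item.rpartition(":")
                pairs.append((host, int(port)) if has_port else (item, None))
            return pairs
    return []


def name_matches(host, cert_name):
    """Case-insensitive match; '*' may stand for the whole leftmost label."""
    h, c = host.lower().rstrip("."), cert_name.lower().rstrip(".")
    if c.startswith("*."):
        return "." in h and h.split(".", 1)[1] == c[2:]
    return h == c


def lint(conf_text, cert_names):
    """Map each configured host to True if some certificate name matches."""
    return {host: any(name_matches(host, n) for n in cert_names)
            for host, _port in parse_servers(conf_text)}


if __name__ == "__main__":
    for host, ok in lint(SAMPLE_CONF, CERT_NAMES).items():
        print(f"{host}: {'ok' if ok else 'NOT in certificate'}")
```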