Ultimately I need to do an ldap auth against an AD ldap server, but I need to
convert the username (lvasquez) to a cn (Lou Vasquez) before I can specify
the user and this isn't working right. I do a basic ldap lookup to get the
cn. Once I get the cn I will put that into the ldapauth, but the ldap is
failing all by itself.
I've reduced it to a plain ldap search inside an "if" and it's simply hanging
when it gets the cn. The pertinent config and -d+all debug are pasted below.
Exim is already running on port 25 separately and is restarted with each
config change but that shouldn't be the problem as I can get this to
authenticate just fine if I put the correct cn right into an ldapauth.
Any help would be appreciated.
Thanks,
Lou
NOTE: passwords and such have been modified to protect the innocent :)
****CONFIG
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = \
${if eq {"moo"}{${lookup
ldap{user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=$1)}}
{yes}{no}}
server_set_id = $1
**DEBUG
blueridge:/etc/exim4# exim4 -d+all -bd -oX 465 -tls-on-connect
09:52:03 21821 Exim version 4.62 uid=0 gid=0 pid=21821 D=fffdffff
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
...(snip)
09:52:19 21889 SMTP>> 250-blueridge.ercbroadband.org Hello [192.168.10.203]
[192.168.10.203]
09:52:19 21889 250-SIZE 52428800
09:52:19 21889 250-PIPELINING
09:52:19 21889 250-AUTH LOGIN
09:52:19 21889 250 HELP
09:52:19 21889 Calling gnutls_record_recv(816d8b0, 816f758, 4096)
09:52:19 21889 SMTP<< AUTH LOGIN
09:52:19 21889 SMTP>> 334 VXNlcm5hbWU6
09:52:19 21889 tls_do_write(811c990, 18)
09:52:19 21889 gnutls_record_send(SSL, 811c990, 18)
09:52:19 21889 outbytes=18
09:52:19 21889 Calling gnutls_record_recv(816d8b0, 816f758, 4096)
09:52:19 21889 SMTP<< bHZhc3F1ZXo=
09:52:19 21889 SMTP>> 334 UGFzc3dvcmQ6
09:52:19 21889 tls_do_write(811c990, 18)
09:52:19 21889 gnutls_record_send(SSL, 811c990, 18)
09:52:19 21889 outbytes=18
09:52:19 21889 Calling gnutls_record_recv(816d8b0, 816f758, 4096)
09:52:19 21889 SMTP<< bDB1MXMxYw==
09:52:19 21889 expanding: "moo"
09:52:19 21889 result: "moo"
09:52:19 21889 expanding:
user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=$1)
09:52:19 21889 result:
user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)
09:52:19 21889 search_open: ldap "NULL"
09:52:19 21889 search_find: file="NULL"
09:52:19 21889 key="user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local"
pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)"
partial=-1 affix=NULL starflags=0
09:52:19 21889 LRU list:
09:52:19 21889 internal_search_find: file="NULL"
09:52:19 21889 type=ldap
key="user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)"
09:52:19 21889 database lookup required for
user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)
09:52:19 21889 LDAP parameters:
user=cn=secretuser,cn=Users,dc=ercbroadband,dc=local pass=secret size=0
time=0 connect=0 dereference=0
09:52:19 21889 perform_ldap_search: ldap URL =
"ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)"
server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
09:52:19 21889 after ldap_url_parse: host=chapman.ercbroadband.org port=636
09:52:19 21889 ldap_initialize with URL
ldaps://chapman.ercbroadband.org:636/
09:52:19 21889 initialized for LDAP (v3) server chapman.ercbroadband.org:636
09:52:19 21889 LDAP_OPT_X_TLS_HARD set
09:52:19 21889 binding with
user=cn=secretuser,cn=Users,dc=ercbroadband,dc=local password=secret
09:52:19 21889 Start search
09:52:19 21889 ldap_result loop
09:52:19 21889 LDAP entry loop
09:52:19 21889 LDAP attr loop cn:Lou Vasquez
--
View this message in context:
http://www.nabble.com/Exim-hangs-on-ldap-search-tf1980452.html#a5434409
Sent from the Exim Users forum at Nabble.com.
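For comparison, here is one way the lookup-then-bind authenticator can be written so that the client-supplied username cannot alter the LDAP search filter. This is an added example, not Lou's config or anything posted in the thread; it assumes the same host, base DN and service account as above, uses Exim's ldapdn lookup (listed in the Lookups line of the debug output) to get the matched entry's DN directly, and relies on the ${quote_ldap:...} and ${quote:...} expansion operators.

```exim
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  # $1 is the client-supplied username, $2 the password (AUTH LOGIN).
  # Step 1: an ldapdn lookup, bound as the service account, maps the
  #         sAMAccountName to the entry's full DN. quote_ldap escapes $1
  #         so a crafted username cannot change the search filter, and
  #         "fail" makes a missing user a forced failure (auth denied)
  #         instead of passing an empty DN on to the bind.
  # Step 2: ldapauth binds as that DN with the user's own password; the
  #         and{} first rejects an empty password, which some directory
  #         servers would otherwise treat as an anonymous bind.
  server_condition = ${if and{ \
      {!eq{$2}{}} \
      {ldapauth{ \
          user="${lookup ldapdn{ \
            user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret \
            ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=${quote_ldap:$1})}{$value}fail}" \
          pass=${quote:$2} \
          ldaps://chapman.ercbroadband.org/}} \
    }{yes}{no}}
  server_set_id = $1
```

Testing with `exim4 -be` on the lookup expansion alone (with $1 replaced by a literal) shows whether the ldapdn lookup returns the expected DN before the bind step is involved.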