[exim] Exim hangs on ldap search

Pàgina inicial
Delete this message
Reply to this message
Autor: lbv
Data:  
A: exim-users
Assumpte: [exim] Exim hangs on ldap search

Ultimately I need to do an ldap auth against an AD ldap server, but I need to
convert the username (lvasquez) to a cn (Lou Vasquez) before I can specify
the user and this isn't working right. I do a basic ldap lookup to get the
cn. Once I get the cn I will put that into the ldapauth, but the ldap is
failing all by itself.

I've reduced it to a plain ldap search inside an "if" and its simply hanging
when it gets the cn. The pertinent config and d+all debug are pasted below.
Exim is already running on port 25 separately and is restarted with each
config change but that shouldn't be the problem as I can get this to
authenticate just fine if I put the correct cn right into an ldapauth.

Any help would be appreciated.

Thanks,
Lou

NOTE: passwords and such have been modified to protect the innocent :)

****CONFIG
login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = \
                ${if eq {"moo"}{${lookup
ldap{user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=$1)}}
{yes}{no}}
    server_set_id = $1



**DEBUG
blueridge:/etc/exim4# exim4 -d+all -bd -oX 465 -tls-on-connect
09:52:03 21821 Exim version 4.62 uid=0 gid=0 pid=21821 D=fffdffff
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
...(snip)
09:52:19 21889 SMTP>> 250-blueridge.ercbroadband.org Hello [192.168.10.203]
[192.168.10.203]
09:52:19 21889 250-SIZE 52428800
09:52:19 21889 250-PIPELINING
09:52:19 21889 250-AUTH LOGIN
09:52:19 21889 250 HELP
09:52:19 21889 Calling gnutls_record_recv(816d8b0, 816f758, 4096)
09:52:19 21889 SMTP<< AUTH LOGIN
09:52:19 21889 SMTP>> 334 VXNlcm5hbWU6
09:52:19 21889 tls_do_write(811c990, 18)
09:52:19 21889 gnutls_record_send(SSL, 811c990, 18)
09:52:19 21889 outbytes=18
09:52:19 21889 Calling gnutls_record_recv(816d8b0, 816f758, 4096)
09:52:19 21889 SMTP<< bHZhc3F1ZXo=
09:52:19 21889 SMTP>> 334 UGFzc3dvcmQ6
09:52:19 21889 tls_do_write(811c990, 18)
09:52:19 21889 gnutls_record_send(SSL, 811c990, 18)
09:52:19 21889 outbytes=18
09:52:19 21889 Calling gnutls_record_recv(816d8b0, 816f758, 4096)
09:52:19 21889 SMTP<< bDB1MXMxYw==
09:52:19 21889 expanding: "moo"
09:52:19 21889    result: "moo"
09:52:19 21889 expanding:
user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=$1)
09:52:19 21889    result:
user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)
09:52:19 21889 search_open: ldap "NULL"
09:52:19 21889 search_find: file="NULL"
09:52:19 21889   key="user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local"
pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)"
partial=-1 affix=NULL starflags=0
09:52:19 21889 LRU list:
09:52:19 21889 internal_search_find: file="NULL"
09:52:19 21889   type=ldap
key="user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)"
09:52:19 21889 database lookup required for
user="cn=secretuser,cn=Users,dc=ercbroadband,dc=local" pass=secret
ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)
09:52:19 21889 LDAP parameters:
user=cn=secretuser,cn=Users,dc=ercbroadband,dc=local pass=secret size=0
time=0 connect=0 dereference=0
09:52:19 21889 perform_ldap_search: ldap URL =
"ldaps://chapman.ercbroadband.org/cn=Users,dc=ercbroadband,dc=local?cn?sub?(sAMAccountName=lvasquez)"
server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
09:52:19 21889 after ldap_url_parse: host=chapman.ercbroadband.org port=636
09:52:19 21889 ldap_initialize with URL
ldaps://chapman.ercbroadband.org:636/
09:52:19 21889 initialized for LDAP (v3) server chapman.ercbroadband.org:636
09:52:19 21889 LDAP_OPT_X_TLS_HARD set
09:52:19 21889 binding with
user=cn=secretuser,cn=Users,dc=ercbroadband,dc=local password=secret
09:52:19 21889 Start search
09:52:19 21889 ldap_result loop
09:52:19 21889 LDAP entry loop
09:52:19 21889 LDAP attr loop cn:Lou Vasquez


--
View this message in context: http://www.nabble.com/Exim-hangs-on-ldap-search-tf1980452.html#a5434409
Sent from the Exim Users forum at Nabble.com.