[exim] Compiling and using exim with LDAP on Solaris with So…

Etusivu
Poista viesti
Vastaa
Lähettäjä: Robert Bannocks
Päiväys:  
Vastaanottaja: exim-users
Uudet otsikot: Re: [exim] Compiling and using exim with LDAP on Solaris with Solarios LDAP libraries
Aihe: [exim] Compiling and using exim with LDAP on Solaris with Solarios LDAP libraries
I have build EXIM with LDAP support from Solaris. There is a problem
however - Exim or the solaris LDAP libraries

Do not follow referrals correctly. I have compiled exim against Open
ldap and the referrals work here.



I will detail what I am finding.





/usr/bin/ldapsearch -h somehost -w 'password' -D
'CN=someuser,OU=someou,DC=nhm,DC=ac,DC=uk' -b 'DC=nhm,dc=ac,dc=uk' -R
'(&(objectclass=person)(&(sAMAccountName=tested-user)(msExchUserAccountC
ontrol=0)))' mail dn samaccountname; echo $?

CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk

mail=R.Bannocks@???

sAMAccountName=robert

ldap_parse_result: No results returned

1



And the an error is returned - note this.



Now with the openldap version of things



/usr/local/opt/openldap/openldap-2.3.27/bin/ldapsearch -h somehost -w
password' -D 'CN=someuser,OU=someou,DC=nhm,DC=ac,DC=uk' -b
'DC=nhm,dc=ac,dc=uk'
'(&(objectclass=person)(&(sAMAccountName=tested-user)(msExchUserAccountC
ontrol=0)))' mail dn samaccountname; echo $?

# extended LDIF

#

# LDAPv3

# base <DC=nhm,dc=ac,dc=uk> with scope subtree

# filter:
(&(objectclass=person)(&(sAMAccountName=tested-user)(msExchUserAccountCo
ntrol=0)))

# requesting: mail dn samaccountname

#



# Robert Bannocks, SomeOU, nhm.ac.uk

dn: CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk

mail: R.Bannocks@???

sAMAccountName: robert



# search reference

ref: ldap://nhm.ac.uk/CN=Some Configuration,DC=nhm,DC=ac,DC=uk



# search result

search: 2

result: 0 Success



# numResponses: 3

# numEntries: 1

# numReferences: 1

0



Here the exit code is 0 and there has been a reference. When it comes
to using EXIM I have a router as follows:



ad_router:

driver=redirect

hide condition = ${lookup ldapdn { user=someuser pass=password \


ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part
})}}



data = $local_part@???

no_more



This validates the recipient user addresses in LDAP.



With the version of EXIM compiled against OpenLDAP this works:



17:26:28 18195 --------> ad_router router <--------

17:26:28 18195 local_part=tested-user domain=somesubdomain.nhm.ac.uk

17:26:28 18195 checking "condition"

17:26:28 18195 expanding: $local_part

17:26:28 18195    result: tested-user


17:26:28 18195 expanding: user=someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part
})

17:26:28 18195    result:  user=someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)


17:26:28 18195 search_open: ldapdn "NULL"

17:26:28 18195 search_find: file="NULL"

17:26:28 18195 key="user=someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)" partial=-1
affix=NULL starflags=0

17:26:28 18195 LRU list:

17:26:28 18195 internal_search_find: file="NULL"

17:26:28 18195 type=ldapdn key="user=someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)"

17:26:28 18195 database lookup required for user=someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)

17:26:28 18195 LDAP parameters: user=Someuser pass=password size=0
time=0 connect=0 dereference=0 referrals=on

17:26:28 18195 perform_ldap_search: ldapdn URL =
"ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)"
server=somehost.nhm.ac.uk port=0 sizelimit=0 timelimit=0 tcplimit=0

17:26:28 18195 after ldap_url_parse: host=someuser.nhm.ac.uk port=0

17:26:28 18195 ldap_initialize with URL ldap://somehost.nhm.ac.uk:389/

17:26:28 18195 initialized for LDAP (v3) server somehost.nhm.ac.uk:389

17:26:28 18195 LDAP_OPT_X_TLS_TRY set

17:26:28 18195 binding with user=Someuser password=password

17:26:28 18195 Start search

17:26:28 18195 ldap_result loop

17:26:28 18195 LDAP entry loop

17:26:28 18195 search ended by ldap_result yielding 115

17:26:28 18195 ldap_parse_result: -14

17:26:28 18195 ldap_parse_result yielded 0: Success

17:26:28 18195 LDAP search: returning: CN=Robert
Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk

17:26:28 18195 lookup yielded: CN=Robert
Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk

17:26:28 18195 expanding: ${lookup ldapdn { user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part
})}}

17:26:28 18195    result: CN=Robert
Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk


17:26:28 18195 calling ad_router router

17:26:28 18195 rda_interpret (string): $local_part@???

17:26:28 18195 expanding: $local_part@???

17:26:28 18195    result: tested-user@???


17:26:28 18195 expanded: tested-user@???

17:26:28 18195 file is not a filter file

17:26:28 18195 parse_forward_list: tested-user@???

17:26:28 18195 extract item: tested-user@???

17:26:28 18195 ad_router router generated tested-user@???

17:26:28 18195 errors_to=NULL transport=NULL

17:26:28 18195 uid=unset gid=unset home=NULL

17:26:28 18195 routed by ad_router router

17:26:28 18195 envelope to: tested-user@???

17:26:28 18195 transport: <none>

17:26:28 18195 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

17:26:28 18195 Considering tested-user@???

17:26:28 18195 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>



Output cut but Exim sucessfullt follows the reroute.



With the version compiled against Solaris LDAP libraries on the same
test I get:



17:34:52 18202 Testing someuser@???

17:34:52 18202 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

17:34:52 18202 Considering someuser@???

17:34:52 18202 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

17:34:52 18202 routing someuser@???

17:34:52 18202 --------> dnslookup router <--------

17:34:52 18202 local_part=someuser domain=somesubdomain.nhm.ac.uk

17:34:52 18202 checking domains

17:34:52 18202 somesubdomain.nhm.ac.uk in "@"? yes (matched "@")

17:34:52 18202 somesubdomain.nhm.ac.uk in "! +local_domains"? no
(matched "! +local_domains")

17:34:52 18202 dnslookup router skipped: domains mismatch

17:34:52 18202 --------> ad_router router <--------

17:34:52 18202 local_part=someuser domain=somesubdomain.nhm.ac.uk

17:34:52 18202 checking "condition"

17:34:52 18202 expanding: $local_part

17:34:52 18202    result: someuser


17:34:52 18202 expanding: user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part
})

17:34:52 18202    result:  user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)


17:34:52 18202 search_open: ldapdn "NULL"

17:34:52 18202 search_find: file="NULL"

17:34:52 18202 key="user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" partial=-1
affix=NULL starflags=0

17:34:52 18202 LRU list:

17:34:52 18202 internal_search_find: file="NULL"

17:34:52 18202 type=ldapdn key="user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)"

17:34:52 18202 database lookup required for user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)

17:34:52 18202 LDAP parameters: user=Someuser pass=password size=0
time=0 connect=0 dereference=0 referrals=on

17:34:52 18202 perform_ldap_search: ldapdn URL =
"ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)"
server=somehost.nhm.ac.uk port=0 sizelimit=0 timelimit=0 tcplimit=0

17:34:52 18202 after ldap_url_parse: host=somehost.nhm.ac.uk port=0

17:34:52 18202 initialized for LDAP (v3) server somehost.nhm.ac.uk:389

17:34:52 18202 binding with user=Someuser password=password

17:34:52 18202 Start search

17:34:52 18202 ldap_result loop

17:34:52 18202 LDAP entry loop

17:34:52 18202 search ended by ldap_result yielding 115

17:34:52 18202 ldap_parse_result: 94

17:34:52 18202 ldap_parse_result yielded 115: Unknown error

17:34:52 18202 LDAP search failed - error 115: Unknown error

17:34:52 18202 lookup deferred: LDAP search failed - error 115: Unknown
error

17:34:52 18202 failed to expand: ${lookup ldapdn { user=Someuser
pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part
})}}

17:34:52 18202    error message: lookup of "user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" gave DEFER:
LDAP search failed - error 115: Unknown error


17:34:52 18202 condition check lookup defer

someuser@??? cannot be resolved at this time:

condition check lookup defer

17:34:52 18202 search_tidyup called

17:34:52 18202 unbind LDAP connection to somehost.nhm.ac.uk:389

17:34:52 18202 >>>>>>>>>>>>>>>> Exim pid=18202 terminating with rc=1
>>>>>>>>>>>>>>>>




The key difference here is the part:



17:34:52 18202 search ended by ldap_result yielding 115

17:34:52 18202 ldap_parse_result: 94

17:34:52 18202 ldap_parse_result yielded 115: Unknown error

17:34:52 18202 LDAP search failed - error 115: Unknown error

17:34:52 18202 lookup deferred: LDAP search failed - error 115: Unknown
error

17:34:52 18202 failed to expand: ${lookup ldapdn { user=Someuser
pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part
})}}

17:34:52 18202    error message: lookup of "user=Someuser pass=password
ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" gave DEFER:
LDAP search failed - error 115: Unknown error


17:34:52 18202 condition check lookup defer

someuser@??? cannot be resolved at this time:

condition check lookup defer

17:34:52 18202 search_tidyup called

17:34:52 18202 unbind LDAP connection to somehost.nhm.ac.uk:389

17:34:52 18202 >>>>>>>>>>>>>>>> Exim pid=18202 terminating with rc=1
>>>>>>>>>>>>>>>>




I would much prefer to have LDAP compiled against Solaris' LDAP
libraries. Can anyone assist.



Regards.



Rob