[exim] exim LDAP bug with default *@ lookups?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Phil Pennock
Ημερομηνία:  
Προς: exim-users
Παλιά Θέματα: [exim] wildcard lookup with LDAP?
Αντικείμενο: [exim] exim LDAP bug with default *@ lookups?
On 2006-11-20 at 09:39 +0100, Marten Lehmann wrote:
> how can I use wildcard-lookups with LDAP?


Can someone experienced with LDAP/exim tell me if I've hit a bug whilst
looking into answering this? I can't be sure because it's barfing in
the client side without talking to the server.

Looking up two attributes, one of which exists and one doesn't, I get
the text below; the second lookup issues the LDAP query but then fails
internally when trying to do the *@ fallback. Same problem if I use
ldap*@ instead of ldapm*@. It seems that Exim trying to construct the
*@ fallback puts something bad into the ldap client libraries.

"exim -be", syslog from slapd, "exim -d+all -be".

(and anyone with a brain can guess the real value of "spammers-foad" --
I get too much spam trying to reach me at any address used to post to
exim-users)

Regards,
-Phil

----------------------------8< cut here >8------------------------------
$ exim -be
> ${lookup ldapm*@ {ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)}}

Phil Pennock
> ${lookup ldapm*@ {ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)}}

Failed: lookup of "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)" gave DEFER: malformed parameter setting precedes LDAP URL
----------------------------8< cut here >8------------------------------

----------------------------8< cut here >8------------------------------
conn=10 fd=12 ACCEPT from PATH=/var/run/openldap/ldapi
(PATH=/var/run/openldap/ldapi)
conn=10 op=0 BIND dn="" method=128
conn=10 op=0 RESULT tag=97 err=0 text=
conn=10 op=1 SRCH base="ou=People,dc=spodhuis,dc=org" scope=2 deref=0
filter="(mail=spammers-foad@???)"
conn=10 op=1 SRCH attr=cn
conn=10 op=1 ENTRY dn="uid=spammers-foad,ou=people,dc=spodhuis,dc=org"
conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=10 op=2 SRCH base="ou=People,dc=spodhuis,dc=org" scope=2 deref=0
filter="(mail=spammers-fred@???)"
conn=10 op=2 SRCH attr=cn
conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
----------------------------8< cut here >8------------------------------

----------------------------8< cut here >8------------------------------
$ exim -d+all -be
00:42:42 72871 Exim version 4.63 [...]
Berkeley DB: Sleepycat Software: Berkeley DB 4.4.20: (January 10, 2006)
Support for: crypteq iconv() IPv6 use_setclassresources Perl TCPwrappers OpenSSL Content_Scanning Old_Demime Experimental_DomainKeys
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
00:42:42 72871 changed uid/gid: [.....]
[...]

> ${lookup ldapm*@ {ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)}}

23:42:53 72871 expanding: ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)
23:42:53 72871    result: ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)
23:42:53 72871 search_open: ldapm "NULL"
23:42:53 72871 search_find: file="NULL"
23:42:53 72871   key="ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)" partial=-1 affix=NULL starflags=2
23:42:53 72871 LRU list:
23:42:53 72871 internal_search_find: file="NULL"
23:42:53 72871   type=ldapm key="ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)"
23:42:53 72871 database lookup required for ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)
23:42:53 72871 LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0 dereference=0 referrals=on
23:42:53 72871 perform_ldap_search: ldapm URL = "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
23:42:53 72871 after ldap_url_parse: host=/var/run/openldap/ldapi port=0
23:42:53 72871 ldap_initialize with URL ldapi://%2Fvar%2Frun%2Fopenldap%2Fldapi
23:42:53 72871 initialized for LDAP (v3) server /var/run/openldap/ldapi
23:42:53 72871 binding with user=NULL password=NULL
23:42:53 72871 Start search
23:42:53 72871 ldap_result loop
23:42:53 72871 LDAP entry loop
23:42:53 72871 LDAP attr loop cn:Phil Pennock
23:42:53 72871 search ended by ldap_result yielding 101
23:42:53 72871 ldap_parse_result: 0
23:42:53 72871 ldap_parse_result yielded 0: Success
23:42:53 72871 LDAP search: returning: Phil Pennock
23:42:53 72871 lookup yielded: Phil Pennock
23:42:53 72871 expanding: ${lookup ldapm*@ {ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-foad@???)}}
23:42:53 72871    result: Phil Pennock
Phil Pennock


> ${lookup ldapm*@ {ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)}}

23:42:59 72871 expanding: ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)
23:42:59 72871    result: ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)
23:42:59 72871 search_open: ldapm "NULL"
23:42:59 72871   cached open
23:42:59 72871 search_find: file="NULL"
23:42:59 72871   key="ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)" partial=-1 affix=NULL starflags=2
23:42:59 72871 LRU list:
23:42:59 72871 internal_search_find: file="NULL"
23:42:59 72871   type=ldapm key="ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)"
23:42:59 72871 database lookup required for ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)
23:42:59 72871 LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0 dereference=0 referrals=on
23:42:59 72871 perform_ldap_search: ldapm URL = "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
23:42:59 72871 after ldap_url_parse: host=/var/run/openldap/ldapi port=0
23:42:59 72871 re-using cached connection to LDAP server /var/run/openldap/ldapi
23:42:59 72871 Start search
23:42:59 72871 search ended by ldap_result yielding 101
23:42:59 72871 ldap_parse_result: 0
23:42:59 72871 ldap_parse_result yielded 0: Success
23:42:59 72871 LDAP search: no results
23:42:59 72871 lookup failed
23:42:59 72871 trying default match *@spodhuis.org)
23:42:59 72871 internal_search_find: file="NULL"
23:42:59 72871   type=ldapm key="*@spodhuis.org)"
23:42:59 72871 database lookup required for *@spodhuis.org)
23:42:59 72871 LDAP query error: malformed parameter setting precedes LDAP URL
23:42:59 72871 lookup deferred: malformed parameter setting precedes LDAP URL
23:42:59 72871 failed to expand: ${lookup ldapm*@ {ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)}}
23:42:59 72871    error message: lookup of "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)" gave DEFER: malformed parameter setting precedes LDAP URL
Failed: lookup of "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ou=People,dc=spodhuis,dc=org?cn?sub?(mail=spammers-fred@???)" gave DEFER: malformed parameter setting precedes LDAP URL
----------------------------8< cut here >8------------------------------