Re: [exim] Compiling and using exim with LDAP on Solaris wit…

Author: Christian Kuehn
Date:  
To: Robert Bannocks
CC: exim-users
Old-Topics: [exim] Compiling and using exim with LDAP on Solaris with Solarios LDAP libraries
Subject: Re: [exim] Compiling and using exim with LDAP on Solaris with Solarios LDAP libraries
I have the same problem now: libldap from Solaris 10 returns the correct answer,
but the return code is 94 and the Exim lookup fails.

Any solutions?

Kind Regards
Christian

Robert Bannocks wrote:
> I have built Exim with LDAP support from Solaris. There is a problem
> however - Exim or the Solaris LDAP libraries do not follow referrals
> correctly. I have compiled Exim against OpenLDAP and the referrals work
> here.
>
> I will detail what I am finding.
>
> /usr/bin/ldapsearch -h somehost -w 'password' -D 'CN=someuser,OU=someou,DC=nhm,DC=ac,DC=uk' -b 'DC=nhm,dc=ac,dc=uk' -R '(&(objectclass=person)(&(sAMAccountName=tested-user)(msExchUserAccountControl=0)))' mail dn samaccountname; echo $?
>
> CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk
> mail=R.Bannocks@???
> sAMAccountName=robert
> ldap_parse_result: No results returned
> 1
>
> And then an error is returned - note this.
>
> Now with the openldap version of things
>
>
>
> /usr/local/opt/openldap/openldap-2.3.27/bin/ldapsearch -h somehost -w 'password' -D 'CN=someuser,OU=someou,DC=nhm,DC=ac,DC=uk' -b 'DC=nhm,dc=ac,dc=uk' '(&(objectclass=person)(&(sAMAccountName=tested-user)(msExchUserAccountControl=0)))' mail dn samaccountname; echo $?
>
> # extended LDIF
> #
> # LDAPv3
> # base <DC=nhm,dc=ac,dc=uk> with scope subtree
> # filter: (&(objectclass=person)(&(sAMAccountName=tested-user)(msExchUserAccountControl=0)))
> # requesting: mail dn samaccountname
> #
>
> # Robert Bannocks, SomeOU, nhm.ac.uk
> dn: CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk
> mail: R.Bannocks@???
> sAMAccountName: robert
>
> # search reference
> ref: ldap://nhm.ac.uk/CN=Some Configuration,DC=nhm,DC=ac,DC=uk
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 1
> # numReferences: 1
> 0
>
> Here the exit code is 0 and there has been a reference. When it comes
> to using EXIM I have a router as follows:
>
>
>
> ad_router:
>   driver = redirect
>   hide condition = ${lookup ldapdn { user=someuser pass=password \
>                    ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part})}}
>   data = $local_part@???
>   no_more
>
> This validates the recipient user addresses in LDAP.
>
>
>
> With the version of EXIM compiled against OpenLDAP this works:
>
>
>
> 17:26:28 18195 --------> ad_router router <--------
> 17:26:28 18195 local_part=tested-user domain=somesubdomain.nhm.ac.uk
> 17:26:28 18195 checking "condition"
> 17:26:28 18195 expanding: $local_part
> 17:26:28 18195    result: tested-user
> 17:26:28 18195 expanding: user=someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part})
> 17:26:28 18195    result:  user=someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)
> 17:26:28 18195 search_open: ldapdn "NULL"
> 17:26:28 18195 search_find: file="NULL"
> 17:26:28 18195 key="user=someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)" partial=-1 affix=NULL starflags=0
> 17:26:28 18195 LRU list:
> 17:26:28 18195 internal_search_find: file="NULL"
> 17:26:28 18195 type=ldapdn key="user=someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)"
> 17:26:28 18195 database lookup required for user=someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)
> 17:26:28 18195 LDAP parameters: user=Someuser pass=password size=0 time=0 connect=0 dereference=0 referrals=on
> 17:26:28 18195 perform_ldap_search: ldapdn URL = "ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=tested-user)" server=somehost.nhm.ac.uk port=0 sizelimit=0 timelimit=0 tcplimit=0
> 17:26:28 18195 after ldap_url_parse: host=someuser.nhm.ac.uk port=0
> 17:26:28 18195 ldap_initialize with URL ldap://somehost.nhm.ac.uk:389/
> 17:26:28 18195 initialized for LDAP (v3) server somehost.nhm.ac.uk:389
> 17:26:28 18195 LDAP_OPT_X_TLS_TRY set
> 17:26:28 18195 binding with user=Someuser password=password
> 17:26:28 18195 Start search
> 17:26:28 18195 ldap_result loop
> 17:26:28 18195 LDAP entry loop
> 17:26:28 18195 search ended by ldap_result yielding 115
> 17:26:28 18195 ldap_parse_result: -14
> 17:26:28 18195 ldap_parse_result yielded 0: Success
> 17:26:28 18195 LDAP search: returning: CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk
> 17:26:28 18195 lookup yielded: CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk
> 17:26:28 18195 expanding: ${lookup ldapdn { user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part})}}
> 17:26:28 18195    result: CN=Robert Bannocks,OU=SomeOU,DC=nhm,DC=ac,DC=uk
> 17:26:28 18195 calling ad_router router
> 17:26:28 18195 rda_interpret (string): $local_part@???
> 17:26:28 18195 expanding: $local_part@???
> 17:26:28 18195    result: tested-user@???
> 17:26:28 18195 expanded: tested-user@???
> 17:26:28 18195 file is not a filter file
> 17:26:28 18195 parse_forward_list: tested-user@???
> 17:26:28 18195 extract item: tested-user@???
> 17:26:28 18195 ad_router router generated tested-user@???
> 17:26:28 18195 errors_to=NULL transport=NULL
> 17:26:28 18195 uid=unset gid=unset home=NULL
> 17:26:28 18195 routed by ad_router router
> 17:26:28 18195 envelope to: tested-user@???
> 17:26:28 18195 transport: <none>
> 17:26:28 18195 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 17:26:28 18195 Considering tested-user@???
> 17:26:28 18195 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> Output cut, but Exim successfully follows the reroute.
>
>
>
> With the version compiled against Solaris LDAP libraries on the same
> test I get:
>
>
>
> 17:34:52 18202 Testing someuser@???
> 17:34:52 18202 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 17:34:52 18202 Considering someuser@???
> 17:34:52 18202 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 17:34:52 18202 routing someuser@???
> 17:34:52 18202 --------> dnslookup router <--------
> 17:34:52 18202 local_part=someuser domain=somesubdomain.nhm.ac.uk
> 17:34:52 18202 checking domains
> 17:34:52 18202 somesubdomain.nhm.ac.uk in "@"? yes (matched "@")
> 17:34:52 18202 somesubdomain.nhm.ac.uk in "! +local_domains"? no (matched "! +local_domains")
> 17:34:52 18202 dnslookup router skipped: domains mismatch
> 17:34:52 18202 --------> ad_router router <--------
> 17:34:52 18202 local_part=someuser domain=somesubdomain.nhm.ac.uk
> 17:34:52 18202 checking "condition"
> 17:34:52 18202 expanding: $local_part
> 17:34:52 18202    result: someuser
> 17:34:52 18202 expanding: user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part})
> 17:34:52 18202    result:  user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)
> 17:34:52 18202 search_open: ldapdn "NULL"
> 17:34:52 18202 search_find: file="NULL"
> 17:34:52 18202 key="user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" partial=-1 affix=NULL starflags=0
> 17:34:52 18202 LRU list:
> 17:34:52 18202 internal_search_find: file="NULL"
> 17:34:52 18202 type=ldapdn key="user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)"
> 17:34:52 18202 database lookup required for user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)
> 17:34:52 18202 LDAP parameters: user=Someuser pass=password size=0 time=0 connect=0 dereference=0 referrals=on
> 17:34:52 18202 perform_ldap_search: ldapdn URL = "ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" server=somehost.nhm.ac.uk port=0 sizelimit=0 timelimit=0 tcplimit=0
> 17:34:52 18202 after ldap_url_parse: host=somehost.nhm.ac.uk port=0
> 17:34:52 18202 initialized for LDAP (v3) server somehost.nhm.ac.uk:389
> 17:34:52 18202 binding with user=Someuser password=password
> 17:34:52 18202 Start search
> 17:34:52 18202 ldap_result loop
> 17:34:52 18202 LDAP entry loop
> 17:34:52 18202 search ended by ldap_result yielding 115
> 17:34:52 18202 ldap_parse_result: 94
> 17:34:52 18202 ldap_parse_result yielded 115: Unknown error
> 17:34:52 18202 LDAP search failed - error 115: Unknown error
> 17:34:52 18202 lookup deferred: LDAP search failed - error 115: Unknown error
> 17:34:52 18202 failed to expand: ${lookup ldapdn { user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part})}}
> 17:34:52 18202    error message: lookup of "user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" gave DEFER: LDAP search failed - error 115: Unknown error
> 17:34:52 18202 condition check lookup defer
> someuser@??? cannot be resolved at this time:
> condition check lookup defer
> 17:34:52 18202 search_tidyup called
> 17:34:52 18202 unbind LDAP connection to somehost.nhm.ac.uk:389
> 17:34:52 18202 >>>>>>>>>>>>>>>> Exim pid=18202 terminating with rc=1
>
> The key difference here is the part:
>
>
>
> 17:34:52 18202 search ended by ldap_result yielding 115
> 17:34:52 18202 ldap_parse_result: 94
> 17:34:52 18202 ldap_parse_result yielded 115: Unknown error
> 17:34:52 18202 LDAP search failed - error 115: Unknown error
> 17:34:52 18202 lookup deferred: LDAP search failed - error 115: Unknown error
> 17:34:52 18202 failed to expand: ${lookup ldapdn { user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=${quote_ldap:$local_part})}}
> 17:34:52 18202    error message: lookup of "user=Someuser pass=password ldap:///DC=nhm,DC=ac,DC=uk??sub?(sAMAccountName=someuser)" gave DEFER: LDAP search failed - error 115: Unknown error
> 17:34:52 18202 condition check lookup defer
> someuser@??? cannot be resolved at this time:
> condition check lookup defer
> 17:34:52 18202 search_tidyup called
> 17:34:52 18202 unbind LDAP connection to somehost.nhm.ac.uk:389
> 17:34:52 18202 >>>>>>>>>>>>>>>> Exim pid=18202 terminating with rc=1
>
> I would much prefer to have Exim compiled against Solaris' LDAP
> libraries. Can anyone assist?
>
>
> Regards.
>
> Rob
>


--
Christian Kuehn
Manstadtsweg 8, 22309 Hamburg
Tel. +49 40 40197232
Fax. +49 40 40197230
eMail: christian@???
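An added example, not code from this thread or from Exim: a small Python script that decodes the two numbers that differ between Rob's OpenLDAP and Solaris debug runs, and that redacts the bind password before such `exim -d` output is pasted to a list (the quoted runs print it in clear in the "binding with" and "LDAP parameters" lines). The sample log lines below are constructed from the shape of the quoted output; the mapping of 115 to the SearchResultReference protocolOp tag (0x73 in RFC 4511) and of -14 and 94 to the OpenLDAP and Netscape/Solaris spellings of LDAP_NO_RESULTS_RETURNED is my reading of the respective library headers, not something the thread states.

```python
import re

# Constructed samples shaped like the `exim -d` output quoted in the thread
# (placeholders kept; nothing here was captured from a live system).
SOLARIS_LIBLDAP_SAMPLE = """\
17:34:52 18202 LDAP parameters: user=Someuser pass=password size=0 time=0 connect=0 dereference=0 referrals=on
17:34:52 18202 binding with user=Someuser password=password
17:34:52 18202 Start search
17:34:52 18202 search ended by ldap_result yielding 115
17:34:52 18202 ldap_parse_result: 94
17:34:52 18202 ldap_parse_result yielded 115: Unknown error
17:34:52 18202 LDAP search failed - error 115: Unknown error
"""

OPENLDAP_SAMPLE = """\
17:26:28 18195 LDAP parameters: user=Someuser pass=password size=0 time=0 connect=0 dereference=0 referrals=on
17:26:28 18195 binding with user=Someuser password=password
17:26:28 18195 Start search
17:26:28 18195 search ended by ldap_result yielding 115
17:26:28 18195 ldap_parse_result: -14
17:26:28 18195 ldap_parse_result yielded 0: Success
"""

# protocolOp tags from RFC 4511.  ldap_result() returns the tag of the last
# message it read, so 0x73 == 115 means the search ended on a
# SearchResultReference (a referral), not on a SearchResultDone.
LDAP_MESSAGE_TYPES = {
    0x64: "SearchResultEntry",
    0x65: "SearchResultDone",
    0x73: "SearchResultReference",
}

# Client-library (API) codes for "ldap_parse_result() was handed a message
# that carries no result".  OpenLDAP numbers these negatively; the
# Netscape/Mozilla-derived library shipped with Solaris numbers them from 0x5e.
PARSE_RESULT_CODES = {
    -14: ("OpenLDAP", "LDAP_NO_RESULTS_RETURNED"),
    -15: ("OpenLDAP", "LDAP_MORE_RESULTS_TO_RETURN"),
    0x5E: ("Netscape/Solaris", "LDAP_NO_RESULTS_RETURNED"),
    0x5F: ("Netscape/Solaris", "LDAP_MORE_RESULTS_TO_RETURN"),
}

RE_LAST_TYPE = re.compile(r"search ended by ldap_result yielding (-?\d+)")
RE_PARSE_RC = re.compile(r"ldap_parse_result: (-?\d+)\s*$")
RE_CREDENTIAL = re.compile(r"\b(pass|password)=(\S+)")


def analyse_ldap_debug(text):
    """Decode one LDAP lookup from `exim -d` output into a summary dict."""
    last_type = parse_rc = None
    cleartext = 0
    for line in text.splitlines():
        if (m := RE_LAST_TYPE.search(line)):
            last_type = int(m.group(1))
        if (m := RE_PARSE_RC.search(line)):
            parse_rc = int(m.group(1))
        cleartext += len(RE_CREDENTIAL.findall(line))  # bind secrets printed in clear
    library, name = PARSE_RESULT_CODES.get(parse_rc, ("unknown", "unknown"))
    return {
        "last_message_type": last_type,
        "last_message_name": LDAP_MESSAGE_TYPES.get(last_type, "unknown"),
        "ended_on_referral": last_type == 0x73,
        "parse_result_code": parse_rc,
        "parse_result_name": name,
        "library_guess": library,
        "cleartext_password_count": cleartext,
    }


def same_failure(summary_a, summary_b):
    """True when two runs hit the same condition, however each library numbers it."""
    return (summary_a["last_message_name"] == summary_b["last_message_name"]
            and summary_a["parse_result_name"] == summary_b["parse_result_name"])


def redact_credentials(text):
    """Replace pass=/password= values so the debug output can leave the host."""
    return RE_CREDENTIAL.sub(lambda m: m.group(1) + "=<redacted>", text)


if __name__ == "__main__":
    sol = analyse_ldap_debug(SOLARIS_LIBLDAP_SAMPLE)
    ol = analyse_ldap_debug(OPENLDAP_SAMPLE)
    for label, s in (("Solaris libldap", sol), ("OpenLDAP", ol)):
        print(f"{label}: ended on {s['last_message_name']} ({s['last_message_type']}), "
              f"ldap_parse_result -> {s['parse_result_name']} "
              f"[{s['library_guess']} {s['parse_result_code']}]")
    print("same underlying condition:", same_failure(sol, ol))
    print("cleartext passwords in log:", sol["cleartext_password_count"])
    print(redact_credentials(SOLARIS_LIBLDAP_SAMPLE).splitlines()[1])
```

Run it as a script to see both runs decoded side by side; in practice pipe a real `exim -d -bt address` capture through `redact_credentials()` before posting it, since Exim's `hide` keyword protects the router option from `-bP` output but not from the debug trace.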