[exim-dev] [Bug 568] New: ldap lookups seem to require a TLS…

Pàgina inicial
Delete this message
Reply to this message
Autor: Olivier Delemar
Data:  
A: exim-dev
Assumptes nous: [exim-dev] [Bug 568] ldap lookups seem to require a TLS capable LDAP server, [exim-dev] [Bug 568] ldap lookups seem to require a TLS capable LDAP server
Assumpte: [exim-dev] [Bug 568] New: ldap lookups seem to require a TLS capable LDAP server
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=568
           Summary: ldap lookups seem to require a TLS capable LDAP server
           Product: Exim
           Version: 4.63
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: high
         Component: Lookups
        AssignedTo: ph10@???
        ReportedBy: olivier.delemar@???
                CC: exim-dev@???



I'm trying to lookup entries in a Lotus Domino LDAP server from an Exim ACL.
The query works just fine whith an cli ldap client:

root# ldapsearch -H ldap://ladoix -x -b 'o=genomex,c=fr'
'(|(cn=o.delemar)(shortname=o.delemar)(uid=o.delemar)(mail=o.delemar@???))'
dn -LLL
dn: CN=Olivier Delemar,OU=DL,OU=Meylan,O=Genomex,C=FR

(please note the '-x' option which means "Use simple authentication instead of
SASL.")

but fails in the acl:

18:37:21 20141 using ACL "acl_check_rcpt"
18:37:21 20141 processing "warn"
18:37:21 20141 expanding: 
ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=${local_part})(shortname=${local_part})(uid=${local_part})(mail=${local_part}@${domain}))
18:37:21 20141    result: 
ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=odelmar)(shortname=odelmar)(uid=odelmar)(mail=odelmar@???))
18:37:21 20141 search_open: ldap "NULL"
18:37:21 20141 search_find: file="NULL"
18:37:21 20141  
key="ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=odelmar)(shortname=odelmar)(uid=odelmar)(mail=odelmar@???))"
partial=-1 affix=NULL starflags=0
18:37:21 20141 LRU list:
18:37:21 20141 internal_search_find: file="NULL"
18:37:21 20141   type=ldap
key="ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=odelmar)(shortname=odelmar)(uid=odelmar)(mail=odelmar@???))"
18:37:21 20141 database lookup required for
ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=odelmar)(shortname=odelmar)(uid=odelmar)(mail=odelmar@???))
18:37:21 20141 LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0
dereference=0 referrals=on
18:37:21 20141 perform_ldap_search: ldap URL =
"ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=odelmar)(shortname=odelmar)(uid=odelmar)(mail=odelmar@???))"
server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
18:37:21 20141 after ldap_url_parse: host=ladoix port=389
18:37:21 20141 ldap_initialize with URL ldap://ladoix:389/
18:37:21 20141 initialized for LDAP (v3) server ladoix:389
18:37:21 20141 LDAP_OPT_X_TLS_TRY set
18:37:21 20141 binding with user=NULL password=NULL
18:37:21 20141 failed to bind the LDAP connection to server ladoix:389 -
ldap_bind() returned -1
18:37:21 20141 lookup deferred: failed to bind the LDAP connection to server
ladoix:389 - ldap_bind() returned -1


I'm wondering if "LDAP_OPT_X_TLS_TRY set" is not the point.

I have another install with an OpenLDAP, SSL capable LDAP server, and my ldap
lookups (in router rules) work like a charm.

Regards,

Olivier Delemar


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email