Hello,
I've submitted a bug report (http://bugs.exim.org/show_bug.cgi?id=568) about this problem and it was suggested that I post my request here, where there should be LDAP specialists.

To make the long story short, I can send requests to a Lotus Domino LDAP service with "ldapsearch" over a non-TLS connection (option "-x"), I can look up LDAP entries in an OpenLDAP, TLS-capable LDAP server from exim4 ACLs or routers, but I can't connect to the Domino LDAP service from exim ACL/routers.

An "exim4 -d+all -bh <ip address>" gives me the following error lines:
13:49:52 7886 ldap_initialize with URL ldap://ladoix:389/
13:49:52 7886 initialized for LDAP (v3) server ladoix:389
13:49:52 7395 LDAP_OPT_X_TLS_TRY set
13:49:52 7395 binding with user=NULL password=NULL
13:49:52 7395 failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
13:49:52 7395 lookup deferred: failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
With a non-anonymous connection:
14:15:05 7886 ldap_initialize with URL ldap://ladoix:389/
14:15:05 7886 initialized for LDAP (v3) server ladoix:389
14:15:05 7886 LDAP_OPT_X_TLS_TRY set
14:15:05 7886 binding with user=CN=Olivier Delemar,OU=DL,OU=Meylan,O=Genomex,C=FR password=supersecret
14:15:05 7886 failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
14:15:05 7886 lookup deferred: failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
When everything goes well, that is, when I look up an OpenLDAP server:
14:23:27 336 initialized for LDAP (v3) server localhost:389
14:23:27 336 LDAP_OPT_X_TLS_TRY set
14:23:27 336 binding with user=NULL password=NULL
14:23:27 336 Start search
14:23:27 336 ldap_result loop
14:23:27 336 LDAP entry loop
I don't like this "LDAP_OPT_X_TLS_TRY set" because I know Domino won't accept a TLS connection. I can verify this when I use "ldapsearch" without the "-x" option. But I don't know how to unset it, so I can't do further investigations.

Any idea?

BTW, my exim version is 4.63.
--
Olivier Delemar
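
Added example, not part of the original message and not Exim code: the debug lines quoted above print the bind DN and password in clear, so this sketch masks the password and summarizes each LDAP attempt (server, whether LDAP_OPT_X_TLS_TRY was set, bind type, outcome) from output in that format. The function names, the sample hosts and the sample credentials are constructed for illustration.

```python
import re

# "HH:MM:SS PID message", the layout of the exim -d output quoted in the message
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\d+)\s+(.*)$")
INIT = re.compile(r"initialized for LDAP \(v3\) server (\S+)")
BIND = re.compile(r"binding with user=(.*) password=(.*)$")

def redact(line):
    """Mask the bind password; the literal NULL of an anonymous bind is kept."""
    return re.sub(r"(password=)(?!NULL$)\S.*$", r"\1<redacted>", line)

def summarize(lines):
    """Return one dict per LDAP attempt, started by an 'initialized for LDAP' line."""
    attempts, cur = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (i := INIT.search(msg)):
            cur = {"server": i.group(1), "tls_try": False,
                   "bind": None, "outcome": "unknown"}
            attempts.append(cur)
        elif cur is None:
            continue  # e.g. the ldap_initialize line that precedes an attempt
        elif "LDAP_OPT_X_TLS_TRY set" in msg:
            cur["tls_try"] = True
        elif (b := BIND.search(msg)):
            cur["bind"] = "anonymous" if b.group(1) == "NULL" else "authenticated"
        elif "failed to bind" in msg:
            cur["outcome"] = "bind_failed"
        elif msg.startswith("Start search"):
            cur["outcome"] = "bind_ok"  # a search only starts after a bind
    return attempts

# Constructed sample in the same format as the quoted logs (hypothetical hosts)
SAMPLE = """\
10:00:01 101 ldap_initialize with URL ldap://ldap-a.example:389/
10:00:01 101 initialized for LDAP (v3) server ldap-a.example:389
10:00:01 101 LDAP_OPT_X_TLS_TRY set
10:00:01 101 binding with user=cn=svc,o=example password=constructed-secret
10:00:01 101 failed to bind the LDAP connection to server ldap-a.example:389 - ldap_bind() returned -1
10:00:02 102 initialized for LDAP (v3) server ldap-b.example:389
10:00:02 102 LDAP_OPT_X_TLS_TRY set
10:00:02 102 binding with user=NULL password=NULL
10:00:02 102 Start search
""".splitlines()

if __name__ == "__main__":
    for line in SAMPLE:
        print(redact(line))
    for attempt in summarize(SAMPLE):
        print(attempt)
```

The summary only correlates what the log shows; it does not establish why a bind failed.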