[exim] ldap lookups failed on a Lotus Domino LDAP server

Author: Olivier Delemar
Date:  
To: exim-users
Subject: [exim] ldap lookups failed on a Lotus Domino LDAP server


Hello,

I've submitted a bug report
(http://bugs.exim.org/show_bug.cgi?id=568) about this problem and it was
suggested that I post my request here, where there should be LDAP
specialists.

To make a long story short, I can send requests
to a Lotus Domino LDAP service with "ldapsearch" over a non-TLS
connection (option "-x"), I can look up LDAP entries in an
OpenLDAP, TLS-capable LDAP server from exim4 ACLs or routers, but I can't
connect to the Domino LDAP service from exim ACLs/routers.

An "exim4 -d+all -bh <ip address>" gives me the following
error lines:

13:49:52  7886 ldap_initialize with URL ldap://ladoix:389/
13:49:52  7886 initialized for LDAP (v3) server ladoix:389
13:49:52  7395 LDAP_OPT_X_TLS_TRY set
13:49:52  7395 binding with user=NULL password=NULL
13:49:52  7395 failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
13:49:52  7395 lookup deferred: failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1

With a non-anonymous connection:

14:15:05  7886 ldap_initialize with URL ldap://ladoix:389/
14:15:05  7886 initialized for LDAP (v3) server ladoix:389
14:15:05  7886 LDAP_OPT_X_TLS_TRY set
14:15:05  7886 binding with user=CN=Olivier Delemar,OU=DL,OU=Meylan,O=Genomex,C=FR password=supersecret
14:15:05  7886 failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
14:15:05  7886 lookup deferred: failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1

When everything goes well, that is when I look up an OpenLDAP server:

14:23:27   336 initialized for LDAP (v3) server localhost:389
14:23:27   336 LDAP_OPT_X_TLS_TRY set
14:23:27   336 binding with user=NULL password=NULL
14:23:27   336 Start search
14:23:27   336 ldap_result loop
14:23:27   336 LDAP entry loop

I don't like this "LDAP_OPT_X_TLS_TRY set" because I know
Domino won't accept TLS connections. I can verify this when I use
"ldapsearch" without the "-x" option. But I don't know
how to unset it, so I can't do further investigations.

Any idea?

BTW, my exim version is 4.63.

--
Olivier Delemar
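
As an added example that is not part of the original post: a Python triage script for debug output in the format quoted above. It reports each bind failure together with whether "LDAP_OPT_X_TLS_TRY set" was logged for the same process ID and connection, and masks any bind password before the log is shared; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of the "exim4 -d+all -bh" output quoted above.
SAMPLE = """\
14:15:05  7886 ldap_initialize with URL ldap://ladoix:389/
14:15:05  7886 initialized for LDAP (v3) server ladoix:389
14:15:05  7886 LDAP_OPT_X_TLS_TRY set
14:15:05  7886 binding with user=CN=Some User,O=Example password=hunter2
14:15:05  7886 failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
14:15:05  7886 lookup deferred: failed to bind the LDAP connection to server ladoix:389 - ldap_bind() returned -1
14:23:27   336 initialized for LDAP (v3) server localhost:389
14:23:27   336 LDAP_OPT_X_TLS_TRY set
14:23:27   336 binding with user=NULL password=NULL
14:23:27   336 Start search
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\s+(\d+)\s+(.*)$")          # time, pid, message
INIT = re.compile(r"^initialized for LDAP \(v\d\) server \S+")
FAIL = re.compile(r"^failed to bind the LDAP connection to server (\S+)"
                  r" - ldap_bind\(\) returned (-?\d+)")
# Greedy match up to the last " password=" so DNs containing spaces are kept whole.
PASSWORD = re.compile(r"(binding with user=.* password=)(?!NULL$).+$")

def redact(line):
    """Mask a non-NULL bind password in one debug line."""
    return PASSWORD.sub(r"\g<1><redacted>", line)

def triage(text):
    """Return (bind failures with TLS_TRY state, redacted copy of the log)."""
    tls_try = {}            # pid -> was LDAP_OPT_X_TLS_TRY set on this connection
    findings, clean = [], []
    for raw in text.splitlines():
        clean.append(redact(raw))
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if INIT.match(msg):
            tls_try[pid] = False            # a new connection resets the state
        elif msg == "LDAP_OPT_X_TLS_TRY set":
            tls_try[pid] = True
        elif (f := FAIL.match(msg)):        # "lookup deferred:" echo is not counted
            findings.append({"pid": pid, "server": f.group(1),
                             "rc": int(f.group(2)),
                             "tls_try": tls_try.get(pid, False)})
    return findings, "\n".join(clean)

if __name__ == "__main__":
    hits, safe_log = triage(SAMPLE)
    print(hits)
    print(safe_log)
```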