Re: [exim] LDAP Bind Failure

Author: Phil Pennock
Date:  
To: Cameron Hurst
CC: exim-users
Subject: Re: [exim] LDAP Bind Failure
On 2010-12-26 at 10:31 -0800, Cameron Hurst wrote:
> ldap_bind() returned -1
>
> The error shows that the macro expansion worked for me and that LDAP
> failed to bind. A direct insert from the error log into "exim -be" and
> it works without a problem. No errors no failures no nothing. Does
> anyone have any suggestions about how I could look for the problem or
> what it could possibly be?


I suspect system security lockdown via something like SELinux preventing
the exim user from connecting out on a non-standard port, but permitting
you, as a privileged real user, to do so.

If temporarily disabling SELinux makes this work, then you know you need
to either change the SELinux policy or change how you connect to LDAP.

(E.g., since this is localhost anyway, you might try a unix-domain socket
instead, which has the advantage that you can get rid of the password
with the appropriate sasl-regexp directives (assuming OpenLDAP) to use
SASL EXTERNAL based on the kernel-reported uid of the process connecting
to the socket)

-Phil
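
One way to test the SELinux theory from the reply above without turning enforcement off, as an added example that is not part of the original message: scan the audit log for AVC `name_connect` denials recorded against the exim process. The sample log lines, port 3890, the `exim_t` domain and the function name `denied_connects` are assumptions made for illustration.

```python
import re

# Constructed audit-log lines for illustration; port 3890 and the exim_t
# domain are assumptions, not values taken from the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1293388260.101:511): avc:  denied  { name_connect } for  pid=2211 comm="exim" dest=3890 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1293388261.007:512): avc:  denied  { read } for  pid=2300 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1293388260.101:511): arch=c000003e syscall=42 success=no exit=-13 a0=5 a1=7ffd0 a2=10 a3=0 items=0 ppid=1 pid=2211 comm="exim" exe="/usr/sbin/exim"
type=AVC msg=audit(1293388300.450:530): avc:  granted  { name_connect } for  pid=2400 comm="exim" dest=389 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
"""

# Header of an AVC record: timestamp, result (denied/granted), permission set.
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):\d+\): avc:\s+(?P<result>\w+)\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
# key=value pairs after "for"; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def denied_connects(log_text, comm="exim"):
    """Return SELinux name_connect denials logged for the given command name."""
    hits = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m or m.group("result") != "denied":
            continue  # not an AVC record, or an allowed (audited) access
        if "name_connect" not in m.group("perms").split():
            continue  # some other permission, e.g. a file read
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if fields.get("comm") != comm or not fields.get("dest", "").isdigit():
            continue
        hits.append({"time": float(m.group("ts")),
                     "dest_port": int(fields["dest"]),
                     "source": fields.get("scontext"),
                     "target": fields.get("tcontext")})
    return hits


if __name__ == "__main__":
    for hit in denied_connects(SAMPLE_AUDIT_LOG):
        print(hit)
```

On a host running auditd, the same function can be given the contents of `/var/log/audit/audit.log`; a hit whose target type is the generic `port_t` means the port is not labelled as one the daemon's domain may connect to.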