Hi,

thanks for releasing exim 4.82.

Unfortunately I had some obscure problems using LDAPS. A configuration
working with exim 4.80.1 without problems hangs forever after a client
sends "DATA" via socket. The client does not even receive

    354 Enter message, ending with "." on a line by itself

but the daemon writes

    SMTP>> 354 Enter message, ending with "." on a line by itself

in debug mode. The problem does NOT occur if I use "exim -bs" instead of
"exim -bd". Strange. Due to some unusual ldaps messages I assume it is
caused by LDAPS.

I also noticed that

    exim -be '${lookup ldap{... ldaps:///...}}'

hangs forever, which works with exim 4.80.1. Using "exim -be" interactively
I can specify ldaps queries and get the correct result, but exim hangs when
"Ctrl-D" is given. LDAP instead of LDAPS seems to work, but I had to query
a different ldap server for a quick test, so treat with caution.

Here is the relevant part of exim -be '${lookup ldap{... ldaps:///...}}'
using exim 4.80.1:

    ldap_initialize with URL ldaps://ldap.example.org:636/
    initialized for LDAP (v3) server ldap.example.org:636
    LDAP_OPT_X_TLS_HARD set
    binding with user=cn=ldapadmin,dc=example.org password=secret
    Start search
    ldap_result loop
    LDAP entry loop
    LDAP attr loop uid:user
    search ended by ldap_result yielding 101
    ldap_parse_result: 0
    ldap_parse_result yielded 0: Success
    LDAP search: returning: user
    lookup yielded: user
    search_tidyup called
    unbind LDAP connection to ldap.example.org:636
    >>>>>>>>>>>>>>>> Exim pid=679180 terminating with rc=0 >>>>>>>>>>>>>>>>

and exim 4.82:

    ldap_initialize with URL ldaps://ldap.example.org:636/
    initialized for LDAP (v3) server ldap.example.org:636
    Require certificate overrides LDAP_OPT_X_TLS option (0)
    binding with user=cn=ldapadmin,dc=example.org password=secret
    failed to bind the LDAP connection to server ldap.example.org:636 - ldap_bind() returned -1
    perform_ldap_search: ldap URL = "ldaps:///o=ORG?uid?sub?(&(uid=user)(objectClass=Person))" server=localhost port=8636 sizelimit=0 timelimit=0 tcplimit=2
    after ldap_url_parse: host=localhost port=8636
    ldap_initialize with URL ldaps://localhost:8636/
    initialized for LDAP (v3) server localhost:8636
    Require certificate overrides LDAP_OPT_X_TLS option (0)
    binding with user=cn=ldapadmin,dc=example.org password=secret
    Start search
    ldap_result loop
    LDAP entry loop
    LDAP attr loop uid:user
    search ended by ldap_result yielding 101
    ldap_parse_result: 0
    ldap_parse_result yielded 0: Success
    LDAP search: returning: user
    lookup yielded: user
    search_tidyup called
    unbind LDAP connection to localhost:8636
    unbind LDAP connection to ldap.example.org:636

Please notice:

- There is no final ">>>> ... terminating with ..." line and exim hangs
  forever in select()
- exim 4.82 emits "ldap_bind() returned -1" and uses the fallback ldap
  caching server (localhost), but exim 4.80 had no problems with both
  LDAP servers.
- exim 4.80 writes "LDAP_OPT_X_TLS_HARD set" but exim 4.82 emits
  "Require certificate overrides LDAP_OPT_X_TLS option (0)"
- although exim 4.82 had a failed bind to the primary server and uses the
  fallback, there is an "unbind" for both.

Version:

    Exim version 4.82 #4 built 29-Oct-2013 10:16:00
    Copyright (c) University of Cambridge, 1995 - 2013
    (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2013
    Berkeley DB: Berkeley DB 4.8.30: (April 9, 2010)
    Support for: crypteq iconv() Perl OpenSSL Content_Scanning
    Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm pgsql
    Authenticators: plaintext
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir autoreply pipe smtp
    Fixed never_users: 0
    Size of off_t: 8
    Configuration file is /server/exim/server/etc/exim.conf

Any ideas? Does anyone else notice problems using LDAPS with exim 4.82?

Heiko

Heiko Schlichting          Freie Universität Berlin
heiko.schlichting@???      Zentraleinrichtung für Datenverarbeitung
Phone +49 30 838-54327     Fabeckstraße 32
Fax   +49 30 838454327     14195 Berlin
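
Added example, not part of the original message and not Exim code: a small Python check that reads an `exim -d` LDAP lookup trace and reports the anomalies the post lists by hand (failed bind, fallback server, unbind after a failed bind, missing TLS_HARD line, missing exit line). It assumes the debug line formats are exactly those quoted in the post; the names `analyze`, `findings` and `TRACE_482` are made up for this example.

```python
import re

# Abridged from the exim 4.82 debug output quoted in the post.
TRACE_482 = """\
initialized for LDAP (v3) server ldap.example.org:636
Require certificate overrides LDAP_OPT_X_TLS option (0)
failed to bind the LDAP connection to server ldap.example.org:636 - ldap_bind() returned -1
initialized for LDAP (v3) server localhost:8636
Require certificate overrides LDAP_OPT_X_TLS option (0)
lookup yielded: user
unbind LDAP connection to localhost:8636
unbind LDAP connection to ldap.example.org:636
"""

PATTERNS = {  # category -> regex with one capture group
    "servers": re.compile(r"^initialized for LDAP \(v3\) server (\S+)$"),
    "bind_failed": re.compile(r"^failed to bind the LDAP connection to server (\S+) - "),
    "unbound": re.compile(r"^unbind LDAP connection to (\S+)$"),
    "tls_lines": re.compile(r"^(LDAP_OPT_X_TLS_HARD set|Require certificate overrides .*)$"),
    "exit_rc": re.compile(r"Exim pid=\d+ terminating with rc=(-?\d+)"),
}

def analyze(trace):
    """Collect, per category, the captured values in the order they appear."""
    result = {key: [] for key in PATTERNS}
    for line in trace.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line.strip())
            if m:
                result[key].append(m.group(1))
    return result

def findings(r):
    """Turn the parsed trace into the anomalies the post lists by hand."""
    out = []
    for srv in r["bind_failed"]:
        out.append(f"bind failed: {srv}")
        if srv in r["unbound"]:
            out.append(f"unbind after failed bind: {srv}")
    if r["bind_failed"] and len(r["servers"]) > 1:
        out.append(f"fallback server used: {r['servers'][-1]}")
    if "LDAP_OPT_X_TLS_HARD set" not in r["tls_lines"]:
        out.append("no 'LDAP_OPT_X_TLS_HARD set' line")
    if not r["exit_rc"]:
        out.append("no 'terminating with rc=' line")
    return out

if __name__ == "__main__":
    print("\n".join(findings(analyze(TRACE_482))))
```

Running the same check over a trace saved from each exim version makes a silent fallback from the primary LDAPS server visible even when the lookup itself still returns a result.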