Mailing List Archive

[Bug 568] ldap lookups seem to require a TLS capable LDAP server
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=568




--- Comment #1 from Olivier Delemar <olivier.delemar@free.fr> 2007-07-25 17:47:09 ---
Sorry, I forgot the acl:

warn
  message     = X-Warning: $local_part@$domain not in LDAP
  log_message = $local_part@$domain not in LDAP
  condition   = ${lookup \
                ldap{ldap://ladoix/o=genomex,c=fr?uid?sub?(|(cn=${local_part})(shortname=${local_part})(uid=${local_part})(mail=${local_part}@${domain}))}{0}{1}}


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 568] ldap lookups seem to require a TLS capable LDAP server

--- Comment #2 from Philip Hazel <ph10@hermes.cam.ac.uk> 2007-07-26 17:03:37 ---
On Wed, 25 Jul 2007, Olivier Delemar wrote:

> The query works just fine with a CLI ldap client:
>
> root# ldapsearch -H ldap://ladoix -x -b 'o=genomex,c=fr'
> '(|(cn=o.delemar)(shortname=o.delemar)(uid=o.delemar)(mail=o.delemar@genome-express.com))'
> dn -LLL
> dn: CN=Olivier Delemar,OU=DL,OU=Meylan,O=Genomex,C=FR
>
> (please note the '-x' option which means "Use simple authentication instead of
> SASL.")
>
> but fails in the acl:

> 18:37:21 20141 LDAP_OPT_X_TLS_TRY set
> 18:37:21 20141 binding with user=NULL password=NULL
> 18:37:21 20141 failed to bind the LDAP connection to server ladoix:389 -
> ldap_bind() returned -1
> 18:37:21 20141 lookup deferred: failed to bind the LDAP connection to server
> ladoix:389 - ldap_bind() returned -1
>
> I'm wondering if "LDAP_OPT_X_TLS_TRY set" is not the point.
>
> I have another install with an OpenLDAP, SSL capable LDAP server, and my ldap
> lookups (in router rules) work like a charm.

I am not an LDAP expert. However, I run very simple tests on a very
simple LDAP server without using TLS, and they seem to work. It might be
worth posting this problem to the exim-users list so that some LDAP
experts can comment.

Philip

