[Pkg-dspam-misc] Bug#698732: dspam external map does not work with TLS enabled

Jason Johnson jason.johnson.081 at gmail.com
Thu Jan 24 07:44:22 UTC 2013


Yes, I described the log message from openldap because DSPAM doesn't
produce one.  It simply comes back with "no mapping found" as seen below.

extlookup.conf:

ExtLookup  on
ExtLookupMode strict
ExtLookupDriver ldap
ExtLookupServer localhost
ExtLookupPort 636
ExtLookupDB "ou=people,dc=home,dc=lan"
ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))"
ExtLookupLDAPAttribute "uid"
ExtLookupLDAPScope sub
ExtLookupLDAPVersion 3
ExtLookupLogin "cn=dspamadm,ou=administrators,dc=home,dc=lan"
ExtLookupPassword "myPassword"
ExtLookupCryptox tls

log files:

==> /var/log/debug <==
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 ACCEPT from IP=127.0.0.1:56251 (IP=0.0.0.0:636)

==> /var/log/syslog <==
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 closed (TLS negotiation failure)
Dec 13 11:53:30 myserver dspam[1977]: External Lookup: Backend initialization failure: Can't contact LDAP server

command line:

root@myserver:/etc/dspam# ldapsearch -b 'ou=people,dc=home,dc=lan' -x -H ldaps://localhost -W -D "cn= dspamadm,ou=administrators,dc=home,dc=lan" "(&(objectClass=posixAccount)(uid=jason))" uid
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=home,dc=lan> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=jason))
# requesting: uid
#

# jason, people, home.lan
dn: uid=jason,ou=people,dc=home,dc=lan
uid: jason

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Thanks
Jason


On Wed, Jan 23, 2013 at 4:21 PM, Thomas Preud'homme <robotux at debian.org> wrote:

> On Tuesday 22 January 2013 22:19:30, you wrote:
> > Package: dspam
> > Version: 3.10.2+dfsg-5
> >
> > I am trying to use the LDAP external user verification mechanism for
> > DSPAM but the connection fails with a "negotiation failure".  I am
> > able to use the same DM and password via the command line LDAP tools,
> > but DSPAM itself will not connect.  I have the certificate information
> > in the system wide ldap.conf file so DSPAM should be able to see it.
> >
> >
> > I am using the latest Debian stable and DSPAM via the backports
> > repository.
>
> The "TLS negotiation failure" message comes from openldap, not dspam. Could
> you attach the relevant configuration file (extlookup.conf) and the
> command line you used outside dspam?
>
> Best regards,
>
> Thomas Preud'homme
>