[Pkg-dspam-misc] Bug#698732: dspam external map does not work with TLS enabled

Jason Johnson jason.johnson.081 at gmail.com
Thu Jan 24 07:45:58 UTC 2013


Oh sorry, it doesn't say "no mapping found"; it says "Backend initialization
failure: Can't contact LDAP server", as per the log file section of my
previous mail.


On Thu, Jan 24, 2013 at 8:44 AM, Jason Johnson
<jason.johnson.081 at gmail.com> wrote:

> Yes, I described the log message from openldap because DSPAM doesn't
> produce one.  It simply comes back with "no mapping found" as seen below.
>
> extlookup.conf:
>
> ExtLookup  on
> ExtLookupMode strict
> ExtLookupDriver ldap
> ExtLookupServer localhost
> ExtLookupPort 636
> ExtLookupDB "ou=people,dc=home,dc=lan"
> ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))"
> ExtLookupLDAPAttribute "uid"
> ExtLookupLDAPScope sub
> ExtLookupLDAPVersion 3
> ExtLookupLogin "cn=dspamadm,ou=administrators,dc=home,dc=lan"
> ExtLookupPassword "myPassword"
> ExtLookupCryptox tls
>
> log files:
>
> ==> /var/log/debug <==
> Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 ACCEPT from IP=127.0.0.1:56251 (IP=0.0.0.0:636)
>
> ==> /var/log/syslog <==
> Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 closed (TLS negotiation failure)
> Dec 13 11:53:30 myserver dspam[1977]: External Lookup: Backend initialization failure: Can't contact LDAP server
>
> command line:
>
> root@myserver:/etc/dspam# ldapsearch -b 'ou=people,dc=home,dc=lan' -x -H
> ldaps://localhost -W -D "cn= dspamadm,ou=administrators,dc=home,dc=lan"
>  "(&(objectClass=posixAccount)(uid=jason))" uid
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=people,dc=home,dc=lan> with scope subtree
> # filter: (&(objectClass=posixAccount)(uid=jason))
> # requesting: uid
> #
>
> # jason, people, home.lan
> dn: uid=jason,ou=people,dc=home,dc=lan
> uid: jason
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Thanks
> Jason
>
>
> On Wed, Jan 23, 2013 at 4:21 PM, Thomas Preud'homme <robotux at debian.org> wrote:
>
>> On Tuesday 22 January 2013 22:19:30, you wrote:
>> > Package: dspam
>> > Version: 3.10.2+dfsg-5
>> >
>> > I am trying to use the LDAP external user verification mechanism for
>> > DSPAM but the connection fails with a "negotiation failure".  I am
>> > able to use the same DN and password via the command line LDAP tools,
>> > but DSPAM itself will not connect.  I have the certificate information
>> > in the system wide ldap.conf file so DSPAM should be able to see it.
>> >
>> >
>> > I am using the latest Debian stable and DSPAM via the backports
>> > repository.
>>
>> The "TLS negotiation failure" message comes from openldap, not dspam.
>> Could you attach the relevant configuration file (extlookup.conf) and
>> the command line you used outside dspam?
>>
>> Best regards,
>>
>> Thomas Preud'homme
>>
>
>