Hello,

Having trouble with patches. First, I am using the following:
qmail-ldap-1.03-20060201.patch
qmail-ldap-1.03-20060201-controls20060217.patch

I am building this on a current (as of 2006/04/03) Fedora
Core 4 distribution. Everything compiles to completion. There are
warnings but it does not abort.

Various programs (qmail-send, pbscheck, qmail-smtpd) complain that they
can't read the LDAP db. I have checked the LDAP log and it says it is
getting queries and responding. I have watched the dialogue with a
packet sniffer and can watch the programs accessing the LDAP db.

The build of the system is fully scripted and easily repeated with
consistent results. The LDAP server is configured without ACLs as
this is still an engineering exercise. As a result, anonymous binds
to the LDAP server work just fine. This is verified with ldapsearch
at the command line. Basically, LDAP is working fine.

Next I have used the LOGLEVEL and added checkpoints to the code and it
turns out that all of the failures I am seeing have the same pattern.
They seem to be at points where the following conditions are true.

1.) the software is trying to perform an ldap lookup.
2.) the ldap attribute name being looked up is not in the ldap database.
3.) the particular ldap attributes in question are always accessed with
the 'control_readfile' function.
4.) when these attributes are added to the ldap database with any
values, the lookup succeeds and moves on to the next attribute.
5.) adding "control/'attribute'" files to /var/qmail/control does not
change the behavior. The software bails out before checking for files.

Originally I was having problems starting qmail-send. I was getting
the following error message...
alert: cannot start: unable to read controls

After digging, I found that the failure happened when qmail-send tried
to look up percentHack. I added percentHack to LDAP and the failure
moved to virtualDomains. When I added the virtualDomains attribute to
the LDAP db qmail-send started ok.

When I set LOGLEVEL to 128, I got the logfile excerpt appended to the
end of this email. Note that this was after adding percentHack and
before adding virtualDomains to the LDAP db.

Also, I am including a copy of the head of the Makefile and a copy of
the controls LDIF, below. While I was working on qmail-send, I sent much
of this information to Turbo. I am including his reply as well.

So far, it seems to me that the problem is with the 'control_readfile'
routine. I am still trying to pin it down further, but any insights
anybody else has would be greatly appreciated.


Thanks,
Bill Uhl
GreenLight Networks, LLC


========Turbo's reply to my first inquiry ===================
Turbo Fredriksson wrote:

Quoting Bill Uhl <[EMAIL PROTECTED]>:


>When I add the percentHack and virtualDomains attributes to the ldap
>db, qmail-send starts ok.
>

I have neither of these, and it works just great (with the very latest
QmailLDAP patch).


>I thought these attributes were optional and
>defaulted to none. I don't know if this is a problem with my setup,
>the qmail-ldap-control code, or the qmail-ldap code.
>

There are some problems with the QmailLDAP/Controls code, but from
what I understand only on i386 and then only on SOME of them!


>dn: cn=mailer1.greenlightnet.com,ou=QmailLDAPControl,dc=greenlightnet,dc=com,dc=root
>ldapBaseDN: dc=root
>ldapServer: 127.0.0.1
>

You don't have the 'ldapPassword' and 'ldapLogin' attributes set. You shouldn't
need them, but it was such a long time since I wrote that part I can't remember
any longer.

The idea was that the corresponding FILES were to get the QmailLDAP/Controls
object, and the values in the LDAP server were used for looking for users...


>@40000000442702f833d7e384 Can't open control/ldappassword (errno=2)
>@40000000442702f833de0da4 Can't open control/ldaplogin (errno=2)
>

These two are hints! I'm not sure if QmailLDAP/Controls allows anonymous bind!
Try creating these BEFORE you try adding them to the LDAP database (which you
shouldn't HAVE to - only do that as a last resort - keep reading).


>@40000000442702f833e9257c Can't open control/port_ldap (errno=2)
>

This should be perfectly ok.


>@40000000442702f833eb5be4 control_readline: Looking for: 'control/ldapcontroldn'
>@40000000442702f833ed1d1c                   Searching FS
>@40000000442702f833eec2fc 2:value(control/ldapcontroldn)='cn=buildme2.greenlightnet.gln,ou=QmailLDAPControl,dc=greenlightnet,dc=gln,dc=root
>

This is however WRONG! The value should have the 'cn' bits stripped! That is,
it should contain the value 'ou=QmailLDAPControl,dc=greenlightnet,dc=gln,dc=root'.


>@40000000442702f8342b6a54 qldap_ctrl_bind: Binding to LDAP server as :
>@40000000442702f8342d0c4c   qldap_bind: successful
>

Oki, so it seems like it CAN do anonymous binds...


I have no idea why it works if you add the percentHack and virtualDomains attributes
though!



=================== head of makefile ===========================
# Edit this few lines to configure your ldap stuff

# to enable some additional for qmail-ldap stuff put it on the LDAPFLAGS line
#
# -DALTQUEUE to use a diffrent qmail-queue programm on runtime
# -DBIGBROTHER to use the control/bigbrother file to forward all mails comming
#     from a specified account to another (swiss bigbrother law)
# -DBIGTODO to enable the big todo patch (this can be used together with
# EXTERNAL_TODO). Useful for servers with very many non-preprocessed mails
# -DBIND_8_COMPAT need if the compile fails building dns.c because of
#     undeclared defines. This is necessary on MacOS X 10.3.
# -DCLEARTEXTPASSWD to use cleartext passwords (bad idea on production systems)
# -DDASH_EXT to enable the dash_ext patch for extended mail addresses
# -DDATA_COMPRESS to use the smtp on the fly DATA compression
# -DEXTERNAL_TODO to use the external high-performance todo processing (this
#     avoids the silly qmail syndrome with high injection rates)
# -DIGNOREVERISIGN to disallow dns wildchar matches on gtlds, thanks verisign.
# -DQLDAP_CLUSTER for enabling cluster support
# -DQMQP_COMPRESS to use the QMQP on the fly compression (for clusters)
# -DQUOTATRASH to include the Trash in the quota calculation (normaly it is not)
# -DSMTPEXECCHECK to enable smtp DOS/Windows executable detection
# -DCOURIER use Courier POP3d/IMAPd instead of Qmail POP3d
#LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK -DCOURIER
LDAPFLAGS=-DALTQUEUE -DBIGTODO -DEXTERNAL_TODO -DIGNOREVERISIGN -DQUOTATRASH -DSMTPEXECCHECK -DCOURIER

# * These are some options to securly connect to the LDAP server
#   -DSECUREBIND_SASL   Bind using SASL
#   -DSECUREBIND_SSL    Encrypt the channel with SSL
#   -DSECUREBIND_TLS    Encrypt the channel with TLS (SSL v3)
#   -DSECUREBIND_ALL    All of the above...
#SECUREBIND=-DSECUREBIND_ALL

# * Log authentication success/failures in auth_{pop,imap,smtp}
SYSLOGAUTH=-DSYSLOGAUTH

# -DUSE_RFC2307         -> Follow the RFC2307
# -DUSE_RFC822          -> Follow the RFC822
# See the QLDAPINSTALL file for more about this.
#RFCFLAGS=-DUSE_RFC2307 -DUSE_RFC822

# to enable having the configuration (~control/* in the LDAP database
# to, uncomment the following line and read QLDAPINSTALL.
# -DUSE_CONTROLDB       Search LDAP for control files
# -DQLDAP_BAILOUT       First search LDAP, then FS
CONTROLDB=-DUSE_CONTROLDB -DQLDAP_BAILOUT

# Perhaps you have different ldap libraries, change them here
LDAPLIBS=-L/usr/lib -lldap -llber
# and change the location of the include files here
LDAPINCLUDES=-I/usr/include
# on Slowaris you need -lresolv and probably a LD_RUN_PATH added like this:
#LDAPLIBS=-L/opt/OpenLDAP/lib -lldap -llber -lresolv -R/opt/OpenLDAP/lib
# for example on my Linux box I use:
#LDAPLIBS=-L/opt/OpenLDAP/lib -lldap -llber
# if you need a special include-directory for ldap headers enable this
#LDAPINCLUDES=-I/opt/OpenLDAP/include

# ZLIB needed for -DDATA_COMPRESS and -DQMQP_COMPRESS
#ZLIB=-lz
# or you installed zlib in a different path you can use something like this
#ZLIB=-L/opt/zlib/lib -lz
#ZINCLUDES=-I/opt/zlib/include

# TLS (SMTP encryption) in qmail-smtpd and qmail-remote, see TLS.readme
# You need OpenSSL for this
# use -DTLS_REMOTE to enable tls support in qmail-remote
# use -DTLS_SMTPD to enable tls support in qmail-smtpd
# use -DTLSDEBUG to enable additional tls debug information in qmail-remote
TLS=-DTLS_REMOTE -DTLS_SMTPD
# Path to OpenSSL includes
TLSINCLUDES=-I/usr/include
# Path to OpenSSL libraries
TLSLIBS=-L/usr/lib -lssl -lcrypto
# Path to OpenSSL binary
OPENSSLBIN=/usr/bin/openssl
#OPENSSLBIN=openssl

# to make the Netscape download progress bar work with qmail-pop3d
# uncomment the next line (allready done)
#MNW=-DMAKE_NETSCAPE_WORK

# to enable the auto-maildir-make feature uncomment the next line
MDIRMAKE=-DAUTOMAILDIRMAKE

# to enable the auto-homedir-make feature uncomment the next line
#HDIRMAKE=-DAUTOHOMEDIRMAKE

# on most systems we need this to make auth_pop and auth_imap
SHADOWLIBS=-lcrypt
# OpenBSD and other Systems do not have libcrypt, so comment the line out
# if you get linking problems.
# To use shadow passwords under some Linux OS, uncomment the next two lines.
#SHADOWLIBS=-lcrypt -lshadow
#SHADOWOPTS=-DPW_SHADOW
# To use shadow passwords under Solaris, uncomment the SHADOWOPTS line.

# to enable the possibility to log and debug imap and pop uncoment the
# next line
DEBUG=-DDEBUG
# WARNING: you need a NONE DEBUG auth_* to run with inetd

# for profiling ...
#INCTAI=../libtai-0.60
#LIBTAI=../libtai-0.60

# Just for me, make from time to time a backup
BACKUPPATH=/backup/qmail-backup/qmail-ldap.`date "+%Y%m%d-%H%M"`.tar
# STOP editing HERE !!!


================== control ldif ===================================
# buildme2.greenlightnet.gln control settings
dn: cn=buildme2.greenlightnet.gln,ou=QmailLDAPControl,dc=greenlightnet,dc=gln,dc=root
#
#    some basic ldif bookkeeping
objectclass: qmailControl
cn: buildme2.greenlightnet.gln
#
#    limit bounces to 25 KB
bounceMaxBytes: 25600
#    this is already available in the whois info
customBounceText: You can contact GreenLight Networks, LLC at +1.6096515049
#    limit incoming mail to 200 MB
dataBytes: 209715200
defaultDomain: greenlightnet.gln
defaultHost: greenlightnet.gln
defaultQuotaCount: 1500
defaultQuotaSize: 10485760
envNoAtHost: greenlightnet.gln
ldapBaseDN: dc=root
ldapGid: 610
ldapLocalDelivery: 0
ldapMessageStore: /var/qmail/maildirs
ldapObjectClass: qmailUser
#    address of ldap server w/ user acct info
#    not sure how to set up multiple servers
ldapServer: 127.0.0.1
ldapUid: 610
localIpHost: greenlightnet.gln
#
#    local mailboxes
locals: localhost
locals: 127.0.0.1
locals: greenlightnet.gln
locals: buildme2.greenlightnet.gln
locals: theblob.com
#
#    pbs settings
pbsSecret: ****************
pbsServers: 127.0.0.1
pbsTimeOut: 960
#    end of pbs settings
#
plusDomain: greenlightnet.gln
quotaWarning: You're mailbox is getting full. Please delete messages or increase your quota.
#
#    domains to accept and forward
rcptHosts: renworks.com
#
smtpCert: /var/qmail/control/cert.pem
#
# putting these in to move on after debugging
percentHack: qmaildebug.gln
virtualDomains:    qmaildebug.gln:bogus
pbsEnv: USER=TCPREMOTEINFO



====================== qmail-send logfile excerpt =====================
control_readline: Looking for: 'control/me'
                 Searching FS
                   2:value(control/me)='buildme2.greenlightnet.gln
Z'
control_readline: Looking for: 'control/ldappassword'
                 Searching FS
                   Can't open control/ldappassword (errno=2)
control_readline: Looking for: 'control/ldaplogin'
                 Searching FS
                   Can't open control/ldaplogin (errno=2)
control_readfile: Looking for: 'control/ldapserver'
                 Searching FS
control_readline: Looking for: 'control/port_ldap'
                 Searching FS
                   Can't open control/port_ldap (errno=2)
control_readline: Looking for: 'control/ldapcontroldn'
                 Searching FS
2:value(control/ldapcontroldn)='cn=buildme2.greenlightnet.gln,ou=QmailLDAPControl,dc=greenlightnet,dc=gln,dc=root
Z'
qldap_ctrl_bind: Allocating memory for LDAP connection: SUCCESS
qldap_ctrl_bind: Opening LDAP connection to localhost:
 qldap_open: ldap_init(localhost, 389): SUCCESS
 qldap_set_option: set referrals successful
 -> LDAP connection opened successfully
qldap_ctrl_bind: Binding to LDAP server as :
 qldap_bind: successful

control_readline: Looking for: 'control/ldapbasedn'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldapbasedn
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/ldapbasedn)='dc=root'
control_readline: Looking for: 'control/ldapobjectclass'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldapobjectclass
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/ldapobjectclass)='qmailUser'
control_readline: Looking for: 'control/ldaptimeout'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldaptimeout
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/ldaptimeout (errno=2)
control_readline: Looking for: 'control/ldaprebind'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldaprebind
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/ldaprebind (errno=2)
control_readline: Looking for: 'control/ldapuid'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldapuid
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/ldapuid)='610'
control_readline: Looking for: 'control/ldapgid'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldapgid
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/ldapgid)='610'
control_readline: Looking for: 'control/ldapmessagestore'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldapmessagestore
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/ldapmessagestore)='/var/qmail/maildirs'
control_readline: Looking for: 'control/ldapdefaultdotmode'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      ldapdefaultdotmode
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/ldapdefaultdotmode (errno=2)
control_readline: Looking for: 'control/defaultquotasize'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      defaultquotasize
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/defaultquotasize)='10485760'
control_readline: Looking for: 'control/defaultquotacount'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      defaultquotacount
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/defaultquotacount)='1500'
control_readline: Looking for: 'control/queuelifetime'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      queuelifetime
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/queuelifetime (errno=2)
control_readline: Looking for: 'control/concurrencylocal'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      concurrencylocal
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/concurrencylocal (errno=2)
control_readline: Looking for: 'control/concurrencyremote'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      concurrencyremote
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/concurrencyremote (errno=2)
control_readline: Looking for: 'control/envnoathost'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      envnoathost
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/envnoathost)='greenlightnet.gln'
control_readline: Looking for: 'control/bouncefrom'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      bouncefrom
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/bouncefrom (errno=2)
control_readline: Looking for: 'control/bouncehost'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      bouncehost
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/bouncehost (errno=2)
control_readline: Looking for: 'control/doublebouncehost'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      doublebouncehost
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/doublebouncehost (errno=2)
control_readline: Looking for: 'control/doublebounceto'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      doublebounceto
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/doublebounceto (errno=2)
control_readline: Looking for: 'control/bouncemaxbytes'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      bouncemaxbytes
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   1:value(control/bouncemaxbytes)='25600'
control_readfile: Looking for: 'control/locals'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      locals
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   3:value((null pointer))='localhost127.0.0.1greenlightnet.glnbuildme2.greenlightnet.glntheblob.com'
control_readfile: Looking for: 'control/percenthack'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      percenthack
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                   3:value((null pointer))='theblob.com'
control_readfile: Looking for: 'control/virtualdomains'
                 Searching LDAP
                   me:             buildme2.greenlightnet.gln
                   attribute:      virtualdomains
search for (&(cn=buildme2.greenlightnet.gln)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open (null pointer) (errno=14)
alert: cannot start: unable to read controls
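
The failure pattern this message describes (an LDAP miss followed by a filesystem fallback that opens a null filename) can be picked out of a LOGLEVEL 128 log mechanically. The following is an added example, not part of the original e-mail or of qmail-ldap; the sample lines are constructed in the shape of the excerpt above, the function names are hypothetical, and errno 2 and 14 are read as Linux ENOENT and EFAULT.

```python
import re

# Constructed sample in the shape of the LOGLEVEL 128 excerpt (not a real capture).
SAMPLE_LOG = """\
control_readline: Looking for: 'control/ldapbasedn'
                 Searching LDAP
search for (&(cn=host.example)(objectclass=qmailControl)) succeeded
                   1:value(control/ldapbasedn)='dc=root'
control_readline: Looking for: 'control/ldaptimeout'
                 Searching LDAP
search for (&(cn=host.example)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open control/ldaptimeout (errno=2)
control_readfile: Looking for: 'control/percenthack'
                 Searching LDAP
search for (&(cn=host.example)(objectclass=qmailControl)) succeeded
                   3:value((null pointer))='example.test'
control_readfile: Looking for: 'control/virtualdomains'
                 Searching LDAP
search for (&(cn=host.example)(objectclass=qmailControl)) succeeded
                 Searching FS
                   Can't open (null pointer) (errno=14)
alert: cannot start: unable to read controls
"""

ENOENT, EFAULT = 2, 14  # Linux errno values, as printed in the log

LOOKUP = re.compile(r"^(control_read\w+): Looking for: 'control/([^']+)'")
VALUE = re.compile(r"\b\d+:value\(")
CANT_OPEN = re.compile(r"Can't open (.+) \(errno=(\d+)\)")

def parse_lookups(text):
    """Group log lines into one record per control lookup."""
    lookups, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOOKUP.match(line)
        if m:
            cur = {"func": m.group(1), "name": m.group(2), "sources": [],
                   "value": False, "path": None, "errno": None}
            lookups.append(cur)
        elif cur is None:
            continue                      # noise before the first lookup
        elif line.startswith("Searching "):
            cur["sources"].append(line.split()[1])   # "LDAP" or "FS"
        elif VALUE.search(line):
            cur["value"] = True           # some source returned a value
        elif (m := CANT_OPEN.search(line)):
            cur["path"], cur["errno"] = m.group(1), int(m.group(2))
    return lookups

def classify(rec):
    """found: value returned; absent: optional file missing; bad-fallback: null filename."""
    if rec["value"]:
        return "found"
    if rec["path"] == "(null pointer)" or rec["errno"] == EFAULT:
        return "bad-fallback"
    return "absent" if rec["errno"] == ENOENT else "unknown"

def bad_fallbacks(text):
    """Lookups whose filesystem fallback was handed a null filename."""
    return [(r["func"], r["name"]) for r in parse_lookups(text)
            if classify(r) == "bad-fallback"]

if __name__ == "__main__":
    for rec in parse_lookups(SAMPLE_LOG):
        print(rec["func"], rec["name"], "/".join(rec["sources"]), classify(rec))
```
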
