Yes, I described the log message from openldap because DSPAM doesn't produce one. It simply comes back with "no mapping found" as seen below.

extlookup.conf:

ExtLookup on
ExtLookupMode strict
ExtLookupDriver ldap
ExtLookupServer localhost
ExtLookupPort 636
ExtLookupDB "ou=people,dc=home,dc=lan"
ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))"
ExtLookupLDAPAttribute "uid"
ExtLookupLDAPScope sub
ExtLookupLDAPVersion 3
ExtLookupLogin "cn=dspamadm,ou=administrators,dc=home,dc=lan"
ExtLookupPassword "myPassword"
ExtLookupCryptox tls

log files:

==> /var/log/debug <==
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 ACCEPT from IP= 127.0.0.1:56251 (IP=0.0.0.0:636)

==> /var/log/syslog <==
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 closed (TLS negotiation failure)
Dec 13 11:53:30 myserver dspam[1977]: External Lookup: Backend initialization failure: Can't contact LDAP server

command line:

root@myserver:/etc/dspam# ldapsearch -b 'ou=people,dc=home,dc=lan' -x -H ldaps://localhost -W -D "cn= dspamadm,ou=administrators,dc=home,dc=lan" "(&(objectClass=posixAccount)(uid=jason))" uid
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=home,dc=lan> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=jason))
# requesting: uid
#

# jason, people, home.lan
dn: uid=jason,ou=people,dc=home,dc=lan
uid: jason

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Thanks
Jason

On Wed, Jan 23, 2013 at 4:21 PM, Thomas Preud'homme <[email protected]> wrote:

> On Tuesday 22 January 2013 22:19:30, you wrote:
> > Package: dspam
> > Version: 3.10.2+dfsg-5
> >
> > I am trying to use the LDAP external user verification mechanism for
> > DSPAM but the connection fails with a "negotiation failure". I am
> > able to use the same DM and password via the command line LDAP tools,
> > but DSPAM itself will not connect. I have the certificate information
> > in the system wide ldap.conf file so DSPAM should be able to see it.
> >
> >
> > I am using the latest Debian stable and DSPAM via the backports repository.
>
> The "TLS negotiation failure" message comes from openldap, not dspam. Could
> you attach the relevant configuration file (extlookup.conf) and the command line
> you used outside dspam.
>
> Best regards,
>
> Thomas Preud'homme
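
Added example, not part of the original thread and not code from DSPAM or OpenLDAP: a Python script that pairs slapd `ACCEPT` and `closed (TLS negotiation failure)` lines by connection id, so the failed handshake can be tied to the client address and listener. The sample lines are constructed in the format of the log excerpts quoted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the slapd syslog format quoted in this thread.
SAMPLE_LOG = """\
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 ACCEPT from IP=127.0.0.1:56251 (IP=0.0.0.0:636)
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 closed (TLS negotiation failure)
Dec 13 11:54:02 myserver slapd[2030]: conn=1001 fd=11 ACCEPT from IP=127.0.0.1:56260 (IP=0.0.0.0:636)
Dec 13 11:54:02 myserver slapd[2030]: conn=1001 fd=11 closed
Dec 13 11:55:10 myserver slapd[2030]: conn=1002 fd=12 ACCEPT from IP=192.0.2.7:40112 (IP=0.0.0.0:636)
Dec 13 11:55:10 myserver slapd[2030]: conn=1002 fd=12 closed (TLS negotiation failure)
"""

# \s* after "IP=" tolerates the stray space that mail line-wrapping introduced.
ACCEPT_RE = re.compile(
    r"slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) fd=\d+ ACCEPT from "
    r"IP=\s*(?P<peer>\S+):\d+ \(IP=\s*(?P<listener>\S+)\)")
CLOSED_RE = re.compile(
    r"slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) fd=\d+ closed"
    r"(?: \((?P<reason>[^)]*)\))?")


def tls_failures(log_text):
    """Return [(peer_ip, listener, conn_id)] for connections slapd closed
    with 'TLS negotiation failure'."""
    accepted = {}   # (pid, conn) -> (peer, listener); conn ids are per-process
    failures = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            accepted[(m["pid"], m["conn"])] = (m["peer"], m["listener"])
            continue
        m = CLOSED_RE.search(line)
        if m:
            # A close without a logged ACCEPT is still reported, as "unknown".
            peer, listener = accepted.pop((m["pid"], m["conn"]),
                                          ("unknown", "unknown"))
            if m["reason"] == "TLS negotiation failure":
                failures.append((peer, listener, int(m["conn"])))
    return failures


def failures_by_peer(log_text):
    """Count failed TLS handshakes per client address."""
    return Counter(peer for peer, _, _ in tls_failures(log_text))


if __name__ == "__main__":
    for peer, listener, conn in tls_failures(SAMPLE_LOG):
        print(f"conn={conn}: TLS handshake from {peer} to {listener} failed")
```

In the setup shown above the `ACCEPT` lines went to /var/log/debug and the `closed` lines to /var/log/syslog, so both files have to be read, with the debug file first, for the pairing to work.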

