Ok, I checked the link. On debian the ldap.conf file is /etc/ldap and all
programs in the system seem to understand this some how (I haven't yet
found where this is being set and I don't see LDAPCONF being set). But
just in case, I made a symlink in /usr/local/etc for openldap in case dspam
was still using that somehow. Still nothing. I've tried everything I can
think of and all I get from the log files is:
Dec 13 11:53:30 server slapd[2030]: conn=1000 fd=11 closed (TLS negotiation
failure)
Dec 13 11:53:30 server dspam[1977]: External Lookup: Backend initialization
failure: Can't contact LDAP server
This is all I've ever gotten so I can't even tell if it's using the
certificates or what.
My dspam.d/extlookup.conf is:
ExtLookup on # Turns on/off external lookup
ExtLookupMode strict # available modes are 'verify', 'map' and 'strict'.
# 'strict' enforces both verify and map
ExtLookupDriver ldap # Currently only ldap and program are supported.
# There are plans to support both MySQL and Postgres.
ExtLookupServer localhost # Can either be a database hostname or the full
path to
# an executable lookup program and its arguments.
ExtLookupPort 636 # Desired port when connecting to the lookup database.
ExtLookupDB "ou=people,dc=myserver,dc=com" # Can either
be an LDAP search base or a database name (TODO).
ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))" # Can either be an
LDAP search filter or an SQL query (TODO)
ExtLookupLDAPAttribute "uid" # Attribute to be used when ExtLookupDriver
is 'ldap'
# and ExtLookupMode 'map' or 'strict'
ExtLookupLDAPScope sub # Can be set to 'base', 'sub' or 'one'. Only used
when ExtLookupDriver is 'ldap'.
ExtLookupLDAPVersion 3 # Sets the LDAP protocol version (1, 2 or 3)
ExtLookupLogin "cn=myuser,ou=administrators,dc=myserver,dc=com" # Login
to be used when connecting to any direct database backend.
ExtLookupPassword "mypassword" # Password to use with ExtLookupLogin.
ExtLookupCryptox tls # Sets the use of TLS on backend communication (only
compatible with LDAPv3)
Has anyone gotten this working on Debian Squeeze?
Sincerely
Jason
On Mon, Nov 26, 2012 at 8:31 PM, Quanah Gibson-Mount <qua...@zimbra.com>wrote:
> --On Saturday, November 24, 2012 1:51 PM +0100 Jason Johnson <
> jason.johnson....@gmail.com> wrote:
>
> I assume the problem is that the LDAP library isn't finding where the
>> certs are. Is there any way for me to tell it?
>>
>
> <http://www.openldap.org/**software/man.cgi?query=ldap.**
> conf&apropos=0&sektion=0&**manpath=OpenLDAP+2.4-Release&**format=html<http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
> >
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
