Hi Jason, Have you managed to get this working if not. You seem to be asking DSPAM to attempt a StartTLS connection on the SSL port 636. Usually you would use StartTLS on the standard ldap port.
Sorry about the delay replying, holidays and all that. Best Regards Martin Wheldon On 2012-12-21 16:31, Jason wrote: > So no one is running dspam on Debian squeeze with LDAP user lookups? > > Sent from my iPhone > > On Dec 13, 2012, at 12:11 PM, Jason Johnson > <jason.johnson....@gmail.com [4]> wrote: > >> Ok, I checked the link. On debian the ldap.conf file is /etc/ldap >> and all programs in the system seem to understand this some how (I >> haven't yet found where this is being set and I don't see LDAPCONF >> being set). But just in case, I made a symlink in /usr/local/etc for >> openldap in case dspam was still using that somehow. Still nothing. >> I've tried everything I can think of and all I get from the log >> files is: >> >> Dec 13 11:53:30 server slapd[2030]: conn=1000 fd=11 closed (TLS >> negotiation failure) >> Dec 13 11:53:30 server dspam[1977]: External Lookup: Backend >> initialization failure: Can't contact LDAP server >> >> This is all I've ever gotten so I can't even tell if it's using the >> certificates or what. >> >> My dspam.d/extlookup.conf is: >> >> ExtLookup on # Turns on/off external lookup >> ExtLookupMode strict # available modes are 'verify', 'map' and >> 'strict'. >> # 'strict' enforces both verify and map >> ExtLookupDriver ldap # Currently only ldap and program are >> supported. >> # There are plans to support both MySQL and Postgres. >> ExtLookupServer localhost # Can either be a database hostname or >> the full path to >> # an executable lookup program and its arguments. >> ExtLookupPort 636 # Desired port when connecting to the lookup >> database. >> ExtLookupDB "ou=people,dc=myserver,dc=com" # Can either be an LDAP >> search base or a database name (TODO). >> ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))" # Can either >> be an LDAP search filter or an SQL query (TODO) >> ExtLookupLDAPAttribute "uid" # Attribute to be used when >> ExtLookupDriver is 'ldap' >> # and ExtLookupMode 'map' or 'strict' >> ExtLookupLDAPScope sub # Can be set to 'base', 'sub' or 'one'. Only >> used when ExtLookupDriver is 'ldap'. >> ExtLookupLDAPVersion 3 # Sets the LDAP protocol version (1, 2 or 3) >> ExtLookupLogin "cn=myuser,ou=administrators,dc=myserver,dc=com" # >> Login to be used when connecting to any direct database backend. >> ExtLookupPassword "mypassword" # Password to use with >> ExtLookupLogin. >> ExtLookupCryptox tls # Sets the use of TLS on backend communication >> (only compatible with LDAPv3) >> >> Has anyone gotten this working on Debian Squeeze? >> >> Sincerely >> Jason >> >> On Mon, Nov 26, 2012 at 8:31 PM, Quanah Gibson-Mount >> <qua...@zimbra.com [3]> wrote: >> >>> --On Saturday, November 24, 2012 1:51 PM +0100 Jason Johnson >>> <jason.johnson....@gmail.com [1]> wrote: >>> >>>> I assume the problem is that the LDAP library isn't finding >>>> where the >>>> certs are. Is there any way for me to tell it? >>> >>> >> > > <http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html >>> [2]> >>> >>> --Quanah >>> >>> -- >>> >>> Quanah Gibson-Mount >>> Sr. Member of Technical Staff >>> Zimbra, Inc >>> A Division of VMware, Inc. >>> -------------------- >>> Zimbra :: the leader in open source messaging and collaboration > !DSPAM:9,50d488b833231113914300! > > Links: > ------ > [1] mailto:jason.johnson....@gmail.com > [2] > > http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html > [3] mailto:qua...@zimbra.com > [4] mailto:jason.johnson....@gmail.com ------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612 _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
