Yes that's true but that's on port 636. And that line shows the problem I'm having: TLS isn't able to negotiate.
Sent from my iPhone On Jan 7, 2013, at 12:48 PM, Martin Wheldon <martin.whel...@greenhills-it.co.uk> wrote: > Hi Jason, > > Seems that the server is being found as shown in snippet below. > >>> Dec 13 11:53:30 server slapd[2030]: conn=1000 fd=11 closed (TLS >>> negotiation failure) > > Best Regards > > Martin > > On 2013-01-06 13:57, Jason Johnson wrote: >> Hi Martin >> >> No, I haven't managed to. No problem about the delay, I was just >> concerned that my mails weren't actually reaching the list. >> >> My LDAP server is set up to only run ldaps, which seems to only >> listen >> on 636. When I check netstat I don't see anything listening on the >> normal ldap port. And to be safe, I tried leaving out the port >> configuration from my DSPAM config and then the error is that no ldap >> server was found. >> >> On Wed, Jan 2, 2013 at 10:14 AM, Martin Wheldon >> <martin.whel...@greenhills-it.co.uk [12]> wrote: >> >>> Hi Jason, >>> >>> Have you managed to get this working if not. You seem to be asking >>> DSPAM to attempt a StartTLS connection on the SSL port 636. Usually >>> you >>> would use StartTLS on the standard ldap port. >>> >>> Sorry about the delay replying, holidays and all that. >>> >>> Best Regards >>> >>> Martin Wheldon >>> >>> On 2012-12-21 16:31, Jason wrote: >>>> So no one is running dspam on Debian squeeze with LDAP user >>> lookups? >>>> >>>> Sent from my iPhone >>>> >>>> On Dec 13, 2012, at 12:11 PM, Jason Johnson >>> >>>> <jason.johnson....@gmail.com [1] [4]> wrote: >>>> >>>>> Ok, I checked the link. On debian the ldap.conf file is >>> /etc/ldap >>>>> and all programs in the system seem to understand this some how >>> (I >>>>> haven't yet found where this is being set and I don't see >>> LDAPCONF >>>>> being set). But just in case, I made a symlink in /usr/local/etc >>> for >>>>> openldap in case dspam was still using that somehow. Still >>> nothing. >>>>> I've tried everything I can think of and all I get from the log >>>>> files is: >>>>> >>>>> Dec 13 11:53:30 server slapd[2030]: conn=1000 fd=11 closed (TLS >>>>> negotiation failure) >>>>> Dec 13 11:53:30 server dspam[1977]: External Lookup: Backend >>>>> initialization failure: Can't contact LDAP server >>>>> >>>>> This is all I've ever gotten so I can't even tell if it's using >>> the >>>>> certificates or what. >>>>> >>>>> My dspam.d/extlookup.conf is: >>>>> >>>>> ExtLookup on # Turns on/off external lookup >>>>> ExtLookupMode strict # available modes are 'verify', 'map' and >>>>> 'strict'. >>>>> # 'strict' enforces both verify and map >>>>> ExtLookupDriver ldap # Currently only ldap and program are >>>>> supported. >>>>> # There are plans to support both MySQL and Postgres. >>>>> ExtLookupServer localhost # Can either be a database hostname or >>>>> the full path to >>>>> # an executable lookup program and its arguments. >>>>> ExtLookupPort 636 # Desired port when connecting to the lookup >>>>> database. >>>>> ExtLookupDB "ou=people,dc=myserver,dc=com" # Can either be an >>> LDAP >>>>> search base or a database name (TODO). >>>>> ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))" # Can >>> either >>>>> be an LDAP search filter or an SQL query (TODO) >>>>> ExtLookupLDAPAttribute "uid" # Attribute to be used when >>>>> ExtLookupDriver is 'ldap' >>>>> # and ExtLookupMode 'map' or 'strict' >>>>> ExtLookupLDAPScope sub # Can be set to 'base', 'sub' or 'one'. >>> Only >>>>> used when ExtLookupDriver is 'ldap'. >>>>> ExtLookupLDAPVersion 3 # Sets the LDAP protocol version (1, 2 or >>> 3) >>>>> ExtLookupLogin "cn=myuser,ou=administrators,dc=myserver,dc=com" >>> # >>>>> Login to be used when connecting to any direct database backend. >>>>> ExtLookupPassword "mypassword" # Password to use with >>>>> ExtLookupLogin. >>>>> ExtLookupCryptox tls # Sets the use of TLS on backend >>> communication >>>>> (only compatible with LDAPv3) >>>>> >>>>> Has anyone gotten this working on Debian Squeeze? >>>>> >>>>> Sincerely >>>>> Jason >>>>> >>>>> On Mon, Nov 26, 2012 at 8:31 PM, Quanah Gibson-Mount >>> >>>>> <qua...@zimbra.com [2] [3]> wrote: >>>>> >>>>>> --On Saturday, November 24, 2012 1:51 PM +0100 Jason Johnson >>> >>>>>> <jason.johnson....@gmail.com [3] [1]> wrote: >>>>>> >>>>>>> I assume the problem is that the LDAP library isn't finding >>>>>>> where the >>>>>>> certs are. Is there any way for me to tell it? >> >> <http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html >>> [4] >>>>>> [2]> >>> >>>>>> >>>>>> --Quanah >>>>>> >>>>>> -- >>>>>> >>>>>> Quanah Gibson-Mount >>>>>> Sr. Member of Technical Staff >>>>>> Zimbra, Inc >>>>>> A Division of VMware, Inc. >>>>>> -------------------- >>>>>> Zimbra :: the leader in open source messaging and collaboration >>>> >>>> >>>> Links: >>>> ------ >>>> [1] mailto:jason.johnson....@gmail.com [5] >>>> [2] >> >> http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html >>> [6] >>>> [3] mailto:qua...@zimbra.com [7] >>>> [4] mailto:jason.johnson....@gmail.com [8] >> >> ------------------------------------------------------------------------------ >>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, >>> jQuery >>> and much more. Keep your Java skills current with LearnJavaNow - >>> 200+ hours of step-by-step video tutorials by Java experts. >>> SALE $49.99 this month only -- learn more at: >>> http://p.sf.net/sfu/learnmore_122612 [9] >>> _______________________________________________ >>> Dspam-user mailing list >>> Dspam-user@lists.sourceforge.net [10] >>> https://lists.sourceforge.net/lists/listinfo/dspam-user [11] >> >> !DSPAM:9,50e97c2633231193159094! >> >> Links: >> ------ >> [1] mailto:jason.johnson....@gmail.com >> [2] mailto:qua...@zimbra.com >> [3] mailto:jason.johnson....@gmail.com >> [4] >> >> http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html >> [5] mailto:jason.johnson....@gmail.com >> [6] >> >> http://www.openldap.org/software/man.cgi?query=ldap.conf&amp;apropos=0&amp;sektion=0&amp;manpath=OpenLDAP+2.4-Release&amp;format=html >> [7] mailto:qua...@zimbra.com >> [8] mailto:jason.johnson....@gmail.com >> [9] http://p.sf.net/sfu/learnmore_122612 >> [10] mailto:Dspam-user@lists.sourceforge.net >> [11] https://lists.sourceforge.net/lists/listinfo/dspam-user >> [12] mailto:martin.whel...@greenhills-it.co.uk > > > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. SALE $99.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122412 > _______________________________________________ > Dspam-user mailing list > Dspam-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspam-user ------------------------------------------------------------------------------ Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812 _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
