Re: openldap lookup error

2017-09-06 Thread Bill Cole

On 6 Sep 2017, at 7:55, hyndavirap...@bel.co.in wrote:

Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: could not read certificate file /etc/postfix/new_certs_/ca_cert_ldap.pem - error -5966:Access Denied.
Sep


Check the permissions on that file. It must be readable by the postfix 
user. Your LDAP server may require very tight permissions (0400 or 0600) 
on all the certificate files that it uses, so you may need to use a copy 
of the file that postfix can access, distinct from the copy used by the 
LDAP server.


It also MAY be that an extra security layer (such as SELinux) is 
blocking access to that file.

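An added example (not code from the thread or from Postfix) for working through the reply's advice: it decides read access with the kernel's owner/group/other class rules, walks the parent directories for the search bit, and reports the SELinux label that could be the real blocker. It assumes Linux and a local account named postfix; the path /etc/postfix/new_certs_/ca_cert_ldap.pem is the one from the log.

```python
# Added diagnostic (not from the thread): why can't the postfix user read a file?
import os, pwd, grp, stat

def permits(mode, owner_uid, owner_gid, uid, gids, which="r"):
    """DAC check of one permission bit (r, w or x) with the kernel's class rules:
    only the first matching class (owner, group, other) is consulted, so a 0044
    file owned by uid 89 is unreadable by uid 89. uid 0 bypasses the check."""
    if uid == 0:
        return True
    shift = {"r": 2, "w": 1, "x": 0}[which]
    if uid == owner_uid:
        cls = 6                      # owner bits live at 0o700
    elif owner_gid in gids:
        cls = 3                      # group bits at 0o070
    else:
        cls = 0                      # other bits at 0o007
    return bool((mode >> (cls + shift)) & 1)

def account_ids(username):
    """uid plus primary and supplementary gids of a local account."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return pw.pw_uid, gids

def selinux_label(path):
    """SELinux context stored in the security.selinux xattr, or None."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):   # not labelled, or no xattr support
        return None

def diagnose(path, username="postfix"):
    """Name the first obstacle between USERNAME and the bytes of PATH: a parent
    directory without the search (x) bit, or the file itself without read."""
    uid, gids = account_ids(username)
    path = os.path.abspath(path)
    ancestors, d = [], os.path.dirname(path)
    while d != os.path.dirname(d):    # collect /etc, /etc/postfix, ... ("/" is always searchable)
        ancestors.append(d)
        d = os.path.dirname(d)
    for d in ancestors + [path]:
        st = os.stat(d)
        mode = stat.S_IMODE(st.st_mode)
        which = "r" if d == path else "x"
        if not permits(mode, st.st_uid, st.st_gid, uid, gids, which):
            return {"ok": False, "blocked_by": d, "mode": oct(mode),
                    "owner": st.st_uid, "selinux": selinux_label(d)}
    return {"ok": True, "blocked_by": None, "selinux": selinux_label(path)}

if __name__ == "__main__":
    print(diagnose("/etc/postfix/new_certs_/ca_cert_ldap.pem"))
```

A CA certificate is public, so when the LDAP server's copy must stay 0400 the safe fix is a second, root-owned 0444 copy for Postfix rather than loosening the original; if `ok` is True here yet the log still says Access Denied, look at the SELinux label and the audit log.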

openldap lookup error

2017-09-06 Thread hyndavirapuru
Hi,

I have configured postfix to work with an openldap server for lookups.
The main.cf configuration is as below:

##
virtual_mailbox_domains=1CorpHQ.tcs.mil.in
virtual_mailbox_base=/var/mail/vmail
virtual_mailbox_maps=ldap:/etc/postfix/virtual_mailbox_ssl_ldapusers
virtual_alias_maps=ldap:/etc/postfix/virtual_alias_map_ssl_ldapusers,
ldap:/etc/postfix/ldapdistlist_ssl.cf
virtual_minimum_uid=1000
virtual_uid_maps=static:6000
virtual_gid_maps=static:6000

##

The virtual_alias_map_ssl_ldapusers file is as below:

server_host = ldap://1CorpHQ:389
#server_port = 389
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/postfix/new_certs_/ca_cert_ldap.pem
bind = yes
bind_dn = cn=admin,dc=tcs,dc=mil,dc=in
bind_pwd = tcsmsg
version = 3
search_base = dc=tcs,dc=mil,dc=in
scope = sub
timeout = 5
query_filter = uid=%u
result_attribute = mailHost
debuglevel = 1


But when I'm sending mail, postfix is not able to contact the directory
server. The log is as follows:


Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: initializing the server-side TLS engine
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: connect from unknown[201.123.80.7]
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: setting up TLS connection from unknown[201.123.80.7]
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: unknown[201.123.80.7]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:before/accept initialization
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client hello A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write server hello A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write certificate A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write key exchange A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write server done A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client key exchange A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read finished A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write change cipher spec A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write finished A
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data
Sep  6 17:02:50 1CorpHQ postfix/smtpd[28812]: Anonymous TLS connection established from unknown[201.123.80.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_create
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_url_parse_ext(ldap://1CorpHQ:389)
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_extended_operation_s
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_extended_operation
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_send_initial_request
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_new_connection 1 1 0
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_open_connection
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_connect_to_host: TCP 1CorpHQ:389
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_new_socket: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_prepare_socket: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_connect_to_host: Trying 127.0.0.1:389
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_pvt_connect: fd: 13 tm: 5 async: 0
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_ndelay_on: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: attempting to connect:
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: connect errno: 115
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_poll: fd: 13 tm: 5
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_is_sock_ready: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_ndelay_off: 13
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_pvt_connect: 0
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_open_defconn: successful
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_send_server_request
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({it) ber:
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({) ber:
Sep  6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_flush2: 31 bytes to sd 13
Sep