[Bug 81242] Re: postfix-ldap is linked against gnuTLS
I still seem to have a problem solved by copying /dev/random to /var/spool/postfix/dev/random (urandom exists). This is on Precise with Postfix 12.04. I am using Postfix+LDAP+OpenSSL. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/81242 Title: postfix-ldap is linked against gnuTLS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/81242/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
Just ran into this problem in lucid. Just wanted to leave a comment to point out that it's still an issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in Ubuntu. https://bugs.launchpad.net/bugs/81242 Title: postfix-ldap is linked against gnuTLS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/81242/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
@Andreas, Yes, I am using Postfix + LDAP, but I worked around this problem by running a local slapd that syncrepl's the relevant DB's over SSL, and then configured postfix to use ldap://127.0.0.1. It's far from elegant, but it does have the additional benefit that mail can still be accepted, even in the event the central LDAP server occasionally doesn't answer. Still, it's sloppy that this has been an issue for about four(!) years now. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. https://bugs.launchpad.net/bugs/81242 Title: postfix-ldap is linked against gnuTLS -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
For what it's worth this is still a problem in 10.04.1 and Postfix 2.7.0-1. Manually copying /dev/random and /dev/urandom to /var/spool/postfix/dev works around the problem. I also find it quite strange that this doesn't affect more people. In fact this bug seems to have been completely forgotten. Is nobody using Postfix, LDAP and SSL/TLS on Ubuntu? -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 81242] Re: postfix-ldap is linked against gnuTLS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Neil Hoggarth schreef: Should the postfix package not be updated to mknod suitable devices in /var/spool/postfix/dev on installation? That was the original point I made, yes. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmUv78ACgkQ1C6FlsCYaHXCBgCePlYH3KGGZriFlKAD4UWmBvTP SNAAnA5q5gFUEbHA3qJtlhXMPGjISVkC =mKtw -END PGP SIGNATURE- -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 81242] Re: postfix-ldap is linked against gnuTLS
Well, for one you could work around the issue using: mkdir /var/spool/postfix/dev cp -a /dev/random /dev/urandom /var/spool/postfix/dev This should solve the exit_group(2) errors, as it did for me. Of course the proper (read: permanent) fix would be to include this in the init scripts, but this should work for now. Brendan Martens schreef: So what is needed exactly? I currently have an LDAP installation failing due to this exact issue of being compiled against gnutls. Right now all I have is a debut level log output. Let me know if I might be able to supply more helpful information? This is where ldap goes bad: TLS: could not set cipher list SSLv3. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy. -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
So what is needed exactly? I currently have an LDAP installation failing due to this exact issue of being compiled against gnutls. Right now all I have is a debut level log output. Let me know if I might be able to supply more helpful information? This is where ldap goes bad: TLS: could not set cipher list SSLv3. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy. -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
Marking as 'incomplete' and unmilestoning. We still need the stderr output of a process that's failing in this way to diagnose whether it's a postfix or gnutls bug. IMHO it is a bug in both. - GnuTLS is a library and therefore should not do fprintf(stderr,..) + exit, because printing to stderr isn't useful for a postfix child - Postfix does not provide /dev/u?random in the chroot, triggering the issue. -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
** Changed in: postfix (Ubuntu) Status: Incomplete = Confirmed -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
Thu GNU TLS library does exit_group(2) when no /dev/random (or /dev/urandom) is available (in the chroot, there isn't, so the TLS code for LDAP is broken). Wietse Venema wrote the explanation Steve Langasek quoted, because Wietse does not really like a library calling exit_group(2). I'm not aware of any problems other than this one. For me adding /dev/u?random to the chroot would suffice. -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 81242] Re: postfix-ldap is linked against gnuTLS
[15 Apr, @01:00 CEST, Steve Langasek wrote in [Bug 81242] Re: postfix-ldap i ...] Marking as 'incomplete' and unmilestoning. We still need the stderr output of a process that's failing in this way to diagnose whether it's a postfix or gnutls bug. It will not be possible for me to provide this debugging output, as we have switched to Exim for this particular implementation, and this is now running production. -- grtz, - Miek GPG Key ID: 3880 D0F6 http://www.miek.nl/ ** Attachment added: unnamed http://launchpadlibrarian.net/13469348/unnamed -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 81242] Re: postfix-ldap is linked against gnuTLS
So we have openldap 2.4 in Hardy. Can this get fixed now? Is it already? -- postfix-ldap is linked against gnuTLS https://bugs.launchpad.net/bugs/81242 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to postfix in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs