Re: [Dspam-user] Problem with External lookup to OpenLdap server with TLS
From: Jason J. <jas...@gm...> - 2013-01-06 13:58:02
Hi Martin

No, I haven't managed to. No problem about the delay, I was just concerned that my mails weren't actually reaching the list.

My LDAP server is set up to only run ldaps, which seems to only listen on 636. When I check netstat I don't see anything listening on the normal ldap port. And to be safe, I tried leaving out the port configuration from my DSPAM config and then the error is that no ldap server was found.

On Wed, Jan 2, 2013 at 10:14 AM, Martin Wheldon <mar...@gr...> wrote:

> Hi Jason,
>
> Have you managed to get this working? If not, you seem to be asking
> DSPAM to attempt a StartTLS connection on the SSL port 636. Usually you
> would use StartTLS on the standard ldap port.
>
> Sorry about the delay replying, holidays and all that.
>
> Best Regards
>
> Martin Wheldon
>
> On 2012-12-21 16:31, Jason wrote:
> > So no one is running dspam on Debian squeeze with LDAP user lookups?
> >
> > Sent from my iPhone
> >
> > On Dec 13, 2012, at 12:11 PM, Jason Johnson
> > <jas...@gm... [4]> wrote:
> >
> >> Ok, I checked the link. On Debian the ldap.conf file is /etc/ldap
> >> and all programs in the system seem to understand this somehow (I
> >> haven't yet found where this is being set and I don't see LDAPCONF
> >> being set). But just in case, I made a symlink in /usr/local/etc for
> >> openldap in case dspam was still using that somehow. Still nothing.
> >> I've tried everything I can think of and all I get from the log
> >> files is:
> >>
> >> Dec 13 11:53:30 server slapd[2030]: conn=1000 fd=11 closed (TLS negotiation failure)
> >> Dec 13 11:53:30 server dspam[1977]: External Lookup: Backend initialization failure: Can't contact LDAP server
> >>
> >> This is all I've ever gotten so I can't even tell if it's using the
> >> certificates or what.
> >>
> >> My dspam.d/extlookup.conf is:
> >>
> >> ExtLookup on # Turns on/off external lookup
> >> ExtLookupMode strict # available modes are 'verify', 'map' and 'strict'.
> >> # 'strict' enforces both verify and map
> >> ExtLookupDriver ldap # Currently only ldap and program are supported.
> >> # There are plans to support both MySQL and Postgres.
> >> ExtLookupServer localhost # Can either be a database hostname or the full path to
> >> # an executable lookup program and its arguments.
> >> ExtLookupPort 636 # Desired port when connecting to the lookup database.
> >> ExtLookupDB "ou=people,dc=myserver,dc=com" # Can either be an LDAP search base or a database name (TODO).
> >> ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))" # Can either be an LDAP search filter or an SQL query (TODO)
> >> ExtLookupLDAPAttribute "uid" # Attribute to be used when ExtLookupDriver is 'ldap'
> >> # and ExtLookupMode 'map' or 'strict'
> >> ExtLookupLDAPScope sub # Can be set to 'base', 'sub' or 'one'. Only used when ExtLookupDriver is 'ldap'.
> >> ExtLookupLDAPVersion 3 # Sets the LDAP protocol version (1, 2 or 3)
> >> ExtLookupLogin "cn=myuser,ou=administrators,dc=myserver,dc=com" # Login to be used when connecting to any direct database backend.
> >> ExtLookupPassword "mypassword" # Password to use with ExtLookupLogin.
> >> ExtLookupCryptox tls # Sets the use of TLS on backend communication (only compatible with LDAPv3)
> >>
> >> Has anyone gotten this working on Debian Squeeze?
> >>
> >> Sincerely
> >> Jason
> >>
> >> On Mon, Nov 26, 2012 at 8:31 PM, Quanah Gibson-Mount
> >> <qu...@zi... [3]> wrote:
> >>
> >>> --On Saturday, November 24, 2012 1:51 PM +0100 Jason Johnson
> >>> <jas...@gm... [1]> wrote:
> >>>
> >>>> I assume the problem is that the LDAP library isn't finding
> >>>> where the certs are. Is there any way for me to tell it?
> >>>
> >>> <http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html> [2]
> >>>
> >>> --Quanah
> >>>
> >>> --
> >>>
> >>> Quanah Gibson-Mount
> >>> Sr. Member of Technical Staff
> >>> Zimbra, Inc
> >>> A Division of VMware, Inc.
> >>> --------------------
> >>> Zimbra :: the leader in open source messaging and collaboration
> >
> > Links:
> > ------
> > [1] mailto:jas...@gm...
> > [2] http://www.openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html
> > [3] mailto:qu...@zi...
> > [4] mailto:jas...@gm...
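
The port mismatch Martin describes, shown at the byte level as an added example (not part of the original thread and not DSPAM's code): a client that speaks LDAP first, such as one sending a StartTLS request, opens with a BER SEQUENCE byte (0x30), while a listener that only runs ldaps expects a TLS handshake record (0x16 0x03) as the first bytes. The function names and the sample ClientHello prefix are constructed for illustration.

```python
# Added illustration: helper names are hypothetical, sample bytes are constructed.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV using the short length form (content under 128 bytes)."""
    if len(content) > 127:
        raise ValueError("short-form length only")
    return bytes([tag, len(content)]) + content

def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage carrying ExtendedRequest [APPLICATION 23] with requestName [0]."""
    if not 0 < message_id < 128:
        raise ValueError("single-byte messageID only")
    request_name = ber(0x80, STARTTLS_OID)
    extended_request = ber(0x77, request_name)
    return ber(0x30, ber(0x02, bytes([message_id])) + extended_request)

def classify_first_bytes(data: bytes) -> str:
    """Tell a TLS handshake record from a plaintext LDAP message by its prefix."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    if data[:1] == b"\x30":
        return "plaintext-ldap"
    return "unknown"

# What each kind of listener expects as the first bytes of a new connection.
EXPECTED = {"ldaps": "tls-handshake", "ldap": "plaintext-ldap"}

def diagnose(listener: str, first_bytes: bytes) -> str:
    """Compare what the client sent first with what the listener expects."""
    seen = classify_first_bytes(first_bytes)
    if seen == EXPECTED[listener]:
        return "ok"
    if listener == "ldaps" and seen == "plaintext-ldap":
        return "mismatch: LDAP sent in the clear to a TLS-only listener"
    if listener == "ldap" and seen == "tls-handshake":
        return "mismatch: TLS handshake sent to a listener expecting LDAP first"
    return "mismatch: unrecognised first bytes"

# Constructed prefix of a TLS ClientHello record (handshake, version 3.1).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")

if __name__ == "__main__":
    req = starttls_request()
    print(req.hex())
    for listener in ("ldap", "ldaps"):
        print(listener, "<- StartTLS request:", diagnose(listener, req))
        print(listener, "<- ClientHello:", diagnose(listener, SAMPLE_CLIENT_HELLO))
```

With an ldaps-only listener on 636, as in Jason's setup, the StartTLS request falls into the first mismatch case, which is consistent with the `closed (TLS negotiation failure)` line slapd logged.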