[tpop3d-discuss]tpop and ldap tls problem

Adam a.chabin at amg.net.pl
Thu, 15 Dec 2005 09:46:37 +0100


cv wrote:

> Daniel Tiefnig wrote:
>
>> Adam wrote:
>>  
>>
>>> ldapsearch -x  -W -D 'cn=administrator,o=something,c=pl' -b
>>> 'o=something,c=pl' '(givenName=*)' -LLL -h xxxxxxx -P 3 -ZZ
>>>
>>> works ok
>>>
>>> ldapsearch -x  -W -D 'cn=administrator,o=something,c=pl' -b
>>> 'o=something,c=pl' '(givenName=*)' -LLL -H ldaps://xxxxxxx -P 3
>>>
>>> works ok
>>>     
>>
>>
>> Hmmm, so tpop3d should also work with TLS. auth-ldap-url is
>> "ldap://xxxxxxxxx/ou=People,o=company,c=pl", (not "ldaps:") even if
>> auth-ldap-use-tls is enabled? This is important, tpop3d will use port
>> 636 if not.
>>
>> If this is not the problem, you may have to enable debugging on your LDAP
>> server, and see why it fails, and if tpop3d connects at all.
>>
>>
>> lg,
>> daniel
>>
>> _______________________________________________
>> tpop3d-discuss mailing list
>> tpop3d-discuss@lists.beasts.org
>> http://lists.beasts.org/mailman/listinfo/tpop3d-discuss
>>   
>
>
> Hi,
>
> You effectively need to use either ldap://hostname/xxxxx  and enable TLS
>
1. this config:

auth-ldap-use-tls:      true
auth-ldap-url:          ldap://hostname/o=something,c=pl

works, but on port 389, tpop3d -d -v:
.........
auth_ldap_init: using DN o=something,c=pl on hostname:389

2. this config:

#auth-ldap-use-tls:     true
auth-ldap-url:          ldaps://hostname/o=something,c=pl

gives error, tpop3d -d -v:
.............
auth_ldap_init: using DN o=something,c=pl on hostname:636
1 authentication drivers successfully loaded
net_loop: tpop3d version 1.5.3 successfully started
try_ldap_connect_bind: ldap_simple_bind_s: Can't contact LDAP server
try_ldap_connect_bind: ldap_simple_bind_s: Can't contact LDAP server
try_ldap_connect_bind: ldap_simple_bind_s: Can't contact LDAP server
auth_ldap_new_user_pass: unable to connect and bind to LDAP server

ldap debug:

Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=6 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=7 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=8 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=9 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: activity on 2 descriptors
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=6 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=7 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=8 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=9 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: activity on 1 descriptors
Dec 15 09:40:06 server slapd[23330]: daemon: new connection on 12
Dec 15 09:40:06 server slapd[23330]: conn=5 fd=12 ACCEPT from IP=xxxxxxxx:4926 (IP=xxxxxxx:636)
Dec 15 09:40:06 server slapd[23330]: daemon: added 12r
Dec 15 09:40:06 server slapd[23330]: daemon: activity on:
Dec 15 09:40:06 server slapd[23330]:
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=6 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=7 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=8 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: select: listen=9 active_threads=0 tvp=NULL
Dec 15 09:40:06 server slapd[23330]: daemon: activity on 1 descriptors
Dec 15 09:40:06 server slapd[23330]: daemon: activity on:
Dec 15 09:40:06 server slapd[23330]:  12r
Dec 15 09:40:06 server slapd[23330]:
Dec 15 09:40:06 server slapd[23330]: daemon: read activity on 12
Dec 15 09:40:06 server slapd[23330]: connection_get(12)
Dec 15 09:40:06 server slapd[23330]: connection_get(12): got connid=5
Dec 15 09:40:06 server slapd[23330]: connection_read(12): checking for input on id=5
Dec 15 09:40:06 server slapd[23330]: connection_read(12): TLS accept error error=-1 id=5, closing
Dec 15 09:40:06 server slapd[23330]: connection_closing: readying conn=5 sd=12 for close
Dec 15 09:40:06 server slapd[23330]: connection_close: conn=5 sd=12
Dec 15 09:40:06 server slapd[23330]: daemon: removing 12
Dec 15 09:40:06 server slapd[23330]: conn=5 fd=12 closed

Regards
Adam
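
A small triage script for slapd output of the kind posted in this message, added here as an example and not part of the original post or of tpop3d: it rejoins records that e-mail wrapping has split, then reports which accepted connections ended in a TLS accept error and which listener port they arrived on. The function names are hypothetical, and the sample log, its 192.0.2.x addresses and the `conn=6 op=0 STARTTLS` record are constructed.

```python
import re

# Constructed sample in the shape of the slapd output in the message above,
# wrapped the way a mail client wraps it; addresses are documentation IPs.
# The "STARTTLS" record assumes slapd is also logging at stats level.
SAMPLE = """\
Dec 15 09:40:06 server slapd[23330]: conn=5 fd=12 ACCEPT from
IP=192.0.2.10:4926 (IP=192.0.2.1:636)
Dec 15 09:40:06 server slapd[23330]: connection_read(12): TLS accept
error error=-1 id=5, closing
Dec 15 09:40:06 server slapd[23330]: conn=5 fd=12 closed
Dec 15 09:41:10 server slapd[23330]: conn=6 fd=12 ACCEPT from
IP=192.0.2.10:4930 (IP=192.0.2.1:389)
Dec 15 09:41:10 server slapd[23330]: conn=6 op=0 STARTTLS
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ \(IP=\S+:(\d+)\)")
TLS_ERR = re.compile(r"TLS accept error error=(-?\d+) id=(\d+)")
STARTTLS = re.compile(r"conn=(\d+) op=\d+ STARTTLS")


def unwrap(text):
    """Rejoin continuation lines (no syslog timestamp) onto the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def triage(text):
    """Map conn id -> client address, listener port, StartTLS seen, TLS error code."""
    conns = {}
    for rec in unwrap(text):
        if m := ACCEPT.search(rec):
            conns[int(m[1])] = {"client": m[2], "port": int(m[3]),
                                "starttls": False, "tls_error": None}
        elif (m := STARTTLS.search(rec)) and int(m[1]) in conns:
            conns[int(m[1])]["starttls"] = True
        elif (m := TLS_ERR.search(rec)) and int(m[2]) in conns:
            conns[int(m[2])]["tls_error"] = int(m[1])
    return conns


def failed_handshakes(text):
    """Connections whose TLS handshake slapd rejected: (conn id, client, listener port)."""
    return [(cid, c["client"], c["port"]) for cid, c in triage(text).items()
            if c["tls_error"] is not None]
```

A failure reported on port 636 with no matching success on 389 points the investigation at how the client opens the ldaps connection, as opposed to certificates or credentials that the StartTLS path already exercises.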