
Mailing List Archive: exim: dev

[Bug 1375] New: Rebinding to existing ldap-connection with starttls

 

 



miroch.alexander at gmail

Aug 1, 2013, 5:57 AM



http://bugs.exim.org/show_bug.cgi?id=1375
Summary: Rebinding to existing ldap-connection with starttls
Product: Exim
Version: 4.80
Platform: Other
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: SMTP Authentication
AssignedTo: pdp [at] exim
ReportedBy: miroch.alexander [at] gmail
CC: exim-dev [at] exim


I'm trying to implement smtp-ldap auth.
The common way to do it is:
1. Bind to the ldap server (anonymously) and search for the uid
2. Bind to the ldap server with this uid and password

Here is the server_condition in the LOGIN authenticator:
server_condition = ${if and { \
    { eq{$1}{${lookup ldap{ldap:///ou=acusers,dc=domain,dc=ru?uid?sub?(&(uid=$1)(cn=Filter))}{$value}fail}} } \
    { ldapauth {user="uid=${quote_ldap_dn:$1},ou=acusers,dc=domain,dc=ru" pass=${quote:$2} ldap:///} } \
  } {1}{0}}

And I have ldap_start_tls and ldap_require_cert directives set.

The problem is that the first connection (ldap-lookup) to the server is OK, and the
second (ldapauth) fails with the error:
"failed to initiate TLS processing on an LDAP session to server
safeguard.domain.ru:389 - ldap_start_tls_s() returned -2: Local error"

I can swap two conditions in 'server_condition' and then ldapauth will succeed,
and ldap-lookup will fail.

I think it is due to the exim connection cache, where the second connection calls
ldap_start_tls_s() again.



--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
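
The failure mode the report suspects, as an added example that is not part of the original post and is not Exim's code: a self-contained C model of a per-server connection cache in which a second StartTLS request on a reused handle returns -2, next to a guarded version that tracks TLS state per handle. All names and the host below are hypothetical; in real libldap code the state check would be ldap_tls_inplace() rather than the tls_active flag used here.

```c
/* Model only, no LDAP traffic; every name below is hypothetical. */
#include <stdio.h>
#include <string.h>
#define MODEL_SUCCESS 0
#define MODEL_LOCAL_ERROR (-2) /* the code quoted in the report's error text */
#define CACHE_SLOTS 4
struct cached_conn {
    char host[64];
    int port;
    int in_use;     /* slot holds an open connection */
    int tls_active; /* STARTTLS already completed on this handle */
};
static struct cached_conn cache[CACHE_SLOTS];
void cache_reset(void) { memset(cache, 0, sizeof cache); }

/* Stand-in for the StartTLS call: refuses a second handshake on one handle. */
static int model_start_tls(struct cached_conn *c) {
    if (c->tls_active) return MODEL_LOCAL_ERROR;
    c->tls_active = 1;
    return MODEL_SUCCESS;
}

/* Return the cached connection for host:port, opening a new one if needed. */
static struct cached_conn *cache_get(const char *host, int port) {
    struct cached_conn *slot = NULL;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (cache[i].in_use && cache[i].port == port && !strcmp(cache[i].host, host))
            return &cache[i];
        if (!cache[i].in_use && !slot) slot = &cache[i];
    }
    if (!slot) return NULL;
    memset(slot, 0, sizeof *slot);
    snprintf(slot->host, sizeof slot->host, "%s", host);
    slot->port = port; slot->in_use = 1;
    return slot;
}

/* Suspected behaviour: each operation requests StartTLS on whatever it is handed. */
int naive_prepare(const char *host, int port) {
    struct cached_conn *c = cache_get(host, port);
    return c ? model_start_tls(c) : MODEL_LOCAL_ERROR;
}

/* Guarded: negotiate once per handle; a failed handshake is returned, never skipped. */
int guarded_prepare(const char *host, int port) {
    struct cached_conn *c = cache_get(host, port);
    if (!c) return MODEL_LOCAL_ERROR;
    return c->tls_active ? MODEL_SUCCESS : model_start_tls(c);
}
```

In the guarded path the bind is only reached with TLS active, so the second operation neither repeats the handshake nor proceeds in cleartext.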
