[Dovecot] LDAP auth_bind hangs and times out

Fri Apr 4 00:06:00 EEST 2008

	I am not sure that I understand you, here. Are you saying that I am
missing something from my configuration after the "filter=" line like a
pass_attrs listing fields to return?  I do not have one, as there are no
fields that I need returned.  The only thing that dovecot needs is the
DN of the match itself.

	According to http://wiki.dovecot.org/AuthDatabase/LDAP ,

"The pass_filter is used to find the LDAP entry, and the DN is taken
from the reply."

	Should I add a dummy pass_attrs entry?  What field is safe to grab?
E.g., I do not want to overwrite "user"...

On Thu, 2008-04-03 at 23:59 +0300, Timo Sirainen wrote:
> On Thu, 2008-04-03 at 09:46 -0500, Jack McKinney wrote:
> 
> > ldap(jackmc at lorentz.com,y.y.y.y): bind search: base=ou=users,
> > dc=lorentz,dc=com
> > filter=(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))
> 
> Here should be a line saying "result: <returned fields>". Since there
> isn't, Dovecot never appears to receive the reply. You could verify this
> by adding to src/auth/db-ldap.c ldap_input() around line 372:
> 
> 		msgid = ldap_msgid(res);
> // added line:
> 		i_info("LDAP: Received reply %d", msgid);
> 
> msgid might be the same as this tag:
> 
> > Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
> 
> But I'm not sure. If you anyway receive a reply after the "bind search",
> there's something wrong in Dovecot's error handling.
> 
-- 
Jack McKinney
GPG 1024D/99C6A174
jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
"There is no parameter that makes it impossible for you to perform still
more excellently."
   -Mario Cuomo, on the lack of a clock in baseball
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080403/a71d430b/attachment.bin