[Dovecot] LDAP auth_bind hangs and times out
jackmc at lorentz.com
Fri Apr 4 00:06:00 EEST 2008
I am not sure that I understand you, here. Are you saying that I am
missing something from my configuration after the "filter=" line like a
pass_attrs listing fields to return? I do not have one, as there are no
fields that I need returned. The only thing that dovecot needs is the
DN of the match itself.
According to http://wiki.dovecot.org/AuthDatabase/LDAP ,
"The pass_filter is used to find the LDAP entry, and the DN is taken
from the reply."
Should I add a dummy pass_attrs entry? What field is safe to grab?
E.g., I do not want to overwrite "user"...
On Thu, 2008-04-03 at 23:59 +0300, Timo Sirainen wrote:
> On Thu, 2008-04-03 at 09:46 -0500, Jack McKinney wrote:
> > ldap(jackmc at lorentz.com,y.y.y.y): bind search: base=ou=users,
> > dc=lorentz,dc=com
> > filter=(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))
> Here should be a line saying "result: <returned fields>". Since there
> isn't, Dovecot never appears to receive the reply. You could verify this
> by adding to src/auth/db-ldap.c ldap_input() around line 372:
> msgid = ldap_msgid(res);
> // added line:
> i_info("LDAP: Received reply %d", msgid);
> msgid might be the same as this tag:
> > Apr 3 08:13:30 fourier slapd: conn=7 op=3 SEARCH RESULT tag=101
> But I'm not sure. If you anyway receive a reply after the "bind search",
> there's something wrong in Dovecot's error handling.
jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
"There is no parameter that makes it impossible for you to perform still
-Mario Cuomo, on the lack of a clock in baseball
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080403/a71d430b/attachment.bin
More information about the dovecot