[Dovecot] LDAP auth_bind hangs and times out

Jack McKinney jackmc at lorentz.com
Fri Apr 4 00:28:52 EEST 2008


	I added the i_info line below and copied over the new dovecot-auth. It
is hanging at the same place; the "LDAP: Received reply" line is not in
the log.  Again, exactly 180 seconds after the last log entry, the
connection drops.  However, that line _does_ appear in the log back at
startup...

Apr  3 15:19:05 fourier dovecot: Dovecot v1.0.12 starting up
Apr  3 15:19:05 fourier dovecot: auth(default): LDAP: Received reply 1
Apr  3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30934
Apr  3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30935
Apr  3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30936
Apr  3 15:19:21 fourier dovecot: auth(default): new auth connection: pid=30974
Apr  3 15:19:28 fourier dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=x.x.x.x^Irip=y.y.y.y^Iresp=<hidden>
Apr  3 15:19:28 fourier dovecot: auth(default): ldap(jackmc at lorentz.com,y.y.y.y): bind search: base=ou=users, dc=lorentz,dc=com filter=(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))
Apr  3 15:22:28 fourier dovecot: imap-login: Disconnected: Inactivity: method=PLAIN, rip=y.y.y.y, lip=x.x.x.x, TLS



On Fri, 2008-04-04 at 00:11 +0300, Timo Sirainen wrote:
> No, I mean this appears to be a bug somewhere since an LDAP request is
> sent, but it's never received by Dovecot. So either Dovecot does
> something wrong, the OpenLDAP library does something wrong or your network
> blocks the reply for some reason. For example on my system:
> 
> auth(default): ldap(foo,127.0.0.1): bind search: base=...
> auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo
> 
> If Dovecot receives a reply to the "bind search", it logs the "result"  
> line, which your logs show is missing.
> 
> On Apr 4, 2008, at 12:06 AM, Jack McKinney wrote:
> > 	I am not sure that I understand you, here. Are you saying that I am
> > missing something from my configuration after the "filter=" line like a
> > pass_attrs listing fields to return?  I do not have one, as there are no
> > fields that I need returned.  The only thing that dovecot needs is the
> > DN of the match itself.
> >
> > 	According to http://wiki.dovecot.org/AuthDatabase/LDAP ,
> >
> > "The pass_filter is used to find the LDAP entry, and the DN is taken
> > from the reply."
> >
> > 	Should I add a dummy pass_attrs entry?  What field is safe to grab?
> > E.g., I do not want to overwrite "user"...
> >
> > On Thu, 2008-04-03 at 23:59 +0300, Timo Sirainen wrote:
> >> On Thu, 2008-04-03 at 09:46 -0500, Jack McKinney wrote:
> >>
> >>> ldap(jackmc at lorentz.com,y.y.y.y): bind search: base=ou=users,
> >>> dc=lorentz,dc=com
> >>> filter=(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))
> >>
> >> Here should be a line saying "result: <returned fields>". Since there
> >> isn't, Dovecot never appears to receive the reply. You could verify this
> >> by adding to src/auth/db-ldap.c ldap_input() around line 372:
> >>
> >> 		msgid = ldap_msgid(res);
> >> // added line:
> >> 		i_info("LDAP: Received reply %d", msgid);
> >>
> >> msgid might be the same as this tag:
> >>
> >>> Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
> >>
> >> But I'm not sure. If you anyway receive a reply after the "bind search",
> >> there's something wrong in Dovecot's error handling.
> >>
> > -- 
> > Jack McKinney
> > GPG 1024D/99C6A174
> > jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
> > "There is no parameter that makes it impossible for you to perform still
> > more excellently."
> >   -Mario Cuomo, on the lack of a clock in baseball
> 
-- 
Jack McKinney
GPG 1024D/99C6A174
jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
"There is no parameter that makes it impossible for you to perform still
more excellently."
   -Mario Cuomo, on the lack of a clock in baseball
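
The check discussed in this thread (a "bind search" line that is never followed by a "result" line, then an inactivity disconnect) can be run over a whole auth log. The following is an added example, not part of the original messages or of Dovecot: the function name find_unanswered, the year parameter and the sample log are constructed for illustration, and it assumes mail-wrapped log lines have been rejoined.

```python
import re
from datetime import datetime

# Constructed sample in the syslog format quoted in the thread; users, host
# and addresses are placeholders, and mail-wrapped lines are already rejoined.
SAMPLE_LOG = """\
Apr  3 15:19:28 host dovecot: auth(default): ldap(alice,192.0.2.10): bind search: base=ou=users,dc=example,dc=com filter=(mail=alice)
Apr  3 15:19:28 host dovecot: auth(default): ldap(alice,192.0.2.10): result: uid(user)=alice
Apr  3 15:19:40 host dovecot: auth(default): ldap(bob,192.0.2.11): bind search: base=ou=users,dc=example,dc=com filter=(mail=bob)
Apr  3 15:22:40 host dovecot: imap-login: Disconnected: Inactivity: method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, TLS
Apr  3 15:23:01 host dovecot: auth(default): ldap(carol,192.0.2.12): bind search: base=ou=users,dc=example,dc=com filter=(mail=carol)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (.*)$")
LDAP = re.compile(r"ldap\(([^,]+),([^)]+)\): (bind search|result):")
DROP = re.compile(r"imap-login: Disconnected: Inactivity:.*\brip=([^,\s]+)")


def find_unanswered(log_text, year=2008):
    """Return (user, rip, seconds_waited) for each bind search with no result.

    seconds_waited is the gap to the client's inactivity disconnect, or None
    if the log ends while the search is still outstanding. Syslog timestamps
    carry no year, so `year` is an assumption supplied by the caller.
    """
    pending = {}  # (user, rip) -> time the bind search was logged
    stalled = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        ts = datetime.strptime(f"{year} {line.group(1)}", "%Y %b %d %H:%M:%S")
        ldap = LDAP.search(line.group(2))
        drop = DROP.search(line.group(2))
        if ldap and ldap.group(3) == "bind search":
            pending[(ldap.group(1), ldap.group(2))] = ts
        elif ldap:  # "result": the reply arrived, so the request is answered
            pending.pop((ldap.group(1), ldap.group(2)), None)
        elif drop:  # login timed out; blame any search pending for that IP
            for key in [k for k in pending if k[1] == drop.group(1)]:
                waited = int((ts - pending.pop(key)).total_seconds())
                stalled.append((key[0], key[1], waited))
    stalled.extend((user, rip, None) for user, rip in pending)
    return stalled


if __name__ == "__main__":
    for user, rip, waited in find_unanswered(SAMPLE_LOG):
        print(f"no LDAP result for {user} from {rip}; waited={waited}")
```

A wait that repeatedly matches the login timeout, as with the 180 seconds reported in this message, indicates the reply never reached the auth process rather than a slow directory server.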