I added the i_info line below and copied over the new dovecot-auth. It
is hanging at the same place; the "LDAP: Received reply" line is not in the log. Again, exactly 180 seconds after the last log entry, the connection drops. However, that line _does_ appear in the log back at startup...
Apr 3 15:19:05 fourier dovecot: Dovecot v1.0.12 starting up
Apr 3 15:19:05 fourier dovecot: auth(default): LDAP: Received reply 1
Apr 3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30934
Apr 3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30935
Apr 3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30936
Apr 3 15:19:21 fourier dovecot: auth(default): new auth connection: pid=30974
Apr 3 15:19:28 fourier dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=x.x.x.x^Irip=y.y.y.y^Iresp=<hidden>
Apr 3 15:19:28 fourier dovecot: auth(default): ldap(jackmc@lorentz.com,y.y.y.y): bind search: base=ou=users, dc=lorentz,dc=com filter=(&(objectClass=inetOrgPerson)(mail=jackmc@lorentz.com))
Apr 3 15:22:28 fourier dovecot: imap-login: Disconnected: Inactivity: method=PLAIN, rip=y.y.y.y, lip=x.x.x.x, TLS

On Fri, 2008-04-04 at 00:11 +0300, Timo Sirainen wrote:
No, I mean this appears to be a bug somewhere since a LDAP request is
sent, but it's never received by Dovecot. So either Dovecot does
something wrong, OpenLDAP library does something wrong or your network
blocks the reply for some reason. For example on my system:

auth(default): ldap(foo,127.0.0.1): bind search: base=...
auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo

If Dovecot receives a reply to the "bind search", it logs the "result"
line, which your logs show is missing.

On Apr 4, 2008, at 12:06 AM, Jack McKinney wrote:
I am not sure that I understand you, here. Are you saying that I am missing something from my configuration after the "filter=" line
like a pass_attrs listing fields to return? I do not have one, as there
are no fields that I need returned. The only thing that dovecot needs is the DN of the match itself.

According to http://wiki.dovecot.org/AuthDatabase/LDAP ,
"The pass_filter is used to find the LDAP entry, and the DN is taken from the reply."
Should I add a dummy pass_attrs entry? What field is safe to grab? E.g., I do not want to overwrite "user"...
On Thu, 2008-04-03 at 23:59 +0300, Timo Sirainen wrote:
On Thu, 2008-04-03 at 09:46 -0500, Jack McKinney wrote:
ldap(jackmc@lorentz.com,y.y.y.y): bind search: base=ou=users, dc=lorentz,dc=com filter=(&(objectClass=inetOrgPerson)(mail=jackmc@lorentz.com))
Here should be a line saying "result: <returned fields>". Since there isn't, Dovecot never appears to receive the reply. You could verify
this by adding to src/auth/db-ldap.c ldap_input() around line 372:

msgid = ldap_msgid(res);
// added line:
i_info("LDAP: Received reply %d", msgid);

msgid might be the same as this tag:
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101

But I'm not sure. If you anyway receive a reply after the "bind
search", there's something wrong in Dovecot's error handling.

--
Jack McKinney GPG 1024D/99C6A174 jackmc@lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
"There is no parameter that makes it impossible for you to perform
still more excellently." -Mario Cuomo, on the lack of a clock in baseball
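
Added example (not part of the original thread, and not Dovecot code): a Python script that automates the check discussed above, pairing each "bind search" log line with its "result:" line and reporting lookups that end in an inactivity disconnect instead. The function names, the year default and the sample lines are assumptions, constructed from the log excerpts quoted in the thread.

```python
import re
from datetime import datetime

# Line shapes taken from the log excerpts quoted in this thread (Dovecot v1.0.12).
TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+dovecot:\s+"
LDAP = re.compile(TS + r"auth\(\w+\): ldap\((?P<user>[^,]+),(?P<rip>[^)]+)\): "
                  r"(?P<what>bind search|result):")
DROP = re.compile(TS + r"imap-login: Disconnected: Inactivity:.*\brip=(?P<rip>[^,\s]+)")

def _when(ts, year):
    # Syslog timestamps carry no year, so the caller supplies it.
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")

def find_stalled_lookups(lines, year=2008):
    """Return bind searches that never got a matching 'result:' line."""
    pending, stalled = {}, []
    for line in lines:
        m = LDAP.search(line)
        if m:
            key = (m["user"], m["rip"])
            if m["what"] == "bind search":
                pending[key] = _when(m["ts"], year)
            else:
                pending.pop(key, None)  # reply was logged, lookup completed
            continue
        m = DROP.search(line)
        if m:
            now = _when(m["ts"], year)
            for key in [k for k in pending if k[1] == m["rip"]]:
                started = pending.pop(key)
                stalled.append({"user": key[0], "rip": key[1],
                                "waited_s": int((now - started).total_seconds())})
    # Lookups still open at end of input have no disconnect to pair with.
    stalled += [{"user": u, "rip": r, "waited_s": None} for (u, r) in pending]
    return stalled

# Constructed sample: the failing session from the thread plus a healthy lookup.
SAMPLE = """\
Apr 3 15:19:28 fourier dovecot: auth(default): ldap(jackmc@lorentz.com,y.y.y.y): bind search: base=ou=users, dc=lorentz,dc=com filter=(&(objectClass=inetOrgPerson)(mail=jackmc@lorentz.com))
Apr 3 15:20:01 fourier dovecot: auth(default): ldap(foo,127.0.0.1): bind search: base=...
Apr 3 15:20:01 fourier dovecot: auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo
Apr 3 15:22:28 fourier dovecot: imap-login: Disconnected: Inactivity: method=PLAIN, rip=y.y.y.y, lip=x.x.x.x, TLS
""".splitlines()

if __name__ == "__main__":
    for hit in find_stalled_lookups(SAMPLE):
        print(hit)
```

A waited_s of None means the log ended before any disconnect for that client address was seen.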