Hmmm... what versions of OpenLDAP and Dovecot are you using? I note
that you got a result of "uid(user)=foo", from which I guess that you had pass_attrs set to user=uid or some such. I tried adding a pass_attrs of user=mail, in case the problem is that without requested fields, the code in dovecot doesn't return anything. It didn't work; it still hangs and times out after 3 minutes.
On Fri, 2008-04-04 at 00:11 +0300, Timo Sirainen wrote:
No, I mean this appears to be a bug somewhere since an LDAP request is
sent, but it's never received by Dovecot. So either Dovecot does
something wrong, OpenLDAP library does something wrong or your network
blocks the reply for some reason. For example on my system:

auth(default): ldap(foo,127.0.0.1): bind search: base=...
auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo

If Dovecot receives a reply to the "bind search", it logs the "result"
line, which your logs show is missing.

On Apr 4, 2008, at 12:06 AM, Jack McKinney wrote:
I am not sure that I understand you, here. Are you saying that I am missing something from my configuration after the "filter=" line
like a pass_attrs listing fields to return? I do not have one, as there
are no fields that I need returned. The only thing that dovecot needs is the DN of the match itself.

According to http://wiki.dovecot.org/AuthDatabase/LDAP ,
"The pass_filter is used to find the LDAP entry, and the DN is taken from the reply."
Should I add a dummy pass_attrs entry? What field is safe to grab? E.g., I do not want to overwrite "user"...
On Thu, 2008-04-03 at 23:59 +0300, Timo Sirainen wrote:
On Thu, 2008-04-03 at 09:46 -0500, Jack McKinney wrote:
ldap(jackmc@lorentz.com,y.y.y.y): bind search: base=ou=users, dc=lorentz,dc=com filter=(&(objectClass=inetOrgPerson)(mail=jackmc@lorentz.com))
Here should be a line saying "result: <returned fields>". Since there isn't, Dovecot never appears to receive the reply. You could verify
this by adding to src/auth/db-ldap.c ldap_input() around line 372:

msgid = ldap_msgid(res);
// added line:
i_info("LDAP: Received reply %d", msgid);

msgid might be the same as this tag:

Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101

But I'm not sure. If you anyway receive a reply after the "bind
search", there's something wrong in Dovecot's error handling.

--
Jack McKinney GPG 1024D/99C6A174 jackmc@lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
"There is no parameter that makes it impossible for you to perform
still more excellently." -Mario Cuomo, on the lack of a clock in baseball