Hi help is preciated,
PROBLEM
The dovecot-ldap.conf of "proxy server A" is working when the "host" attribute is the FQDN of other server:
pass_attrs = uid=user,userPassword={SSHA}password,
=proxy_maybe=,maildrop=host,=port=143,=destuser=%u,=starttls=any-cert
pass_filter = (&(objectClass=posixAccount)(uid=%u))
CASES
When the "host" attribute is the "FQDN of server A" dovecot imap-login start and infinite loop which swallow all RAM, and process are showing many connections although is just 1 test user connected. It seems that connections are infinitely proxified to it self.
When the "host" attribute is the "IP of server A" dovecot imap-login works OK, login the user locally in the server A.
I include debug message int the source of "dovecot-2.0.11/src/auth/auth-request.c" which appears:
Mar 25 14:10:49 debian dovecot: auth: Debug: ldap(steran,172.26.98.85): result: uid(user)=steran maildrop(host)=smtp2.tsj-dem.gob.ve Mar 25 14:10:49 debian dovecot: auth: Debug: BROKEN SETUP
The modifications appears here and reveals problems with the call to net_addr2ip(host, &ip) in auth_request_proxy_is_self:
static bool auth_request_proxy_is_self(struct auth_request *request) { const char *const *tmp, *host = NULL, *port = NULL, *destuser = NULL; struct ip_addr ip;
tmp = auth_stream_split(request->extra_fields);
for (; *tmp != NULL; tmp++) {
if (strncmp(*tmp, "host=", 5) == 0)
host = *tmp + 5;
else if (strncmp(*tmp, "port=", 5) == 0)
port = *tmp + 5;
if (strncmp(*tmp, "destuser=", 9) == 0)
destuser = *tmp + 9;
}
if (host == NULL || net_addr2ip(host, &ip) < 0) {
/* broken setup */
T_BEGIN {
i_debug("BROKEN SETUP %s", host);
} T_END;
return FALSE;
}
if (!net_ip_compare(&ip, &request->local_ip)){
T_BEGIN {
i_debug("%s", "IPS NOT EQUAL");
}T_END;
return FALSE;
}
if (port != NULL && !str_uint_equals(port, request->local_port)){
T_BEGIN {
i_debug("%s", "PORTS DIFFERENT");
} T_END;
return FALSE;
}
return destuser == NULL ||
strcmp(destuser, request->original_username) == 0;
}
-- "You don't know where your shadow will fall", Somebody.-
Olaf Reitmaier Veracierta <olafrv@gmail.com>
http://www.olafrv.com