automx usetls ldap
Wojciech Giel
wojciech.giel at cimr.cam.ac.uk
Thu Mar 8 11:25:15 CET 2012
Hi,
I'm trying to get automx running with LDAP on Debian Squeeze. I have
OpenLDAP configured with SSL (ldaps) and STARTTLS (ldap) enabled.
I can get results connecting without encryption, but with TLS enabled
I get a negotiation failure.
log from slapd:
Mar 8 10:00:46 autoconfig slapd[1905]: slap_listener_activate(8):
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=8 busy
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: >>> slap_listener(ldap://127.0.0.1:389/)
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: listen=8, new connection on 17
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: added 17r (active) listener=(nil)
Mar 8 10:00:46 autoconfig slapd[1905]: conn=1003 fd=17 ACCEPT from IP=127.0.0.1:37058 (IP=127.0.0.1:389)
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: activity on 1 descriptor
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: activity on:
...
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: read active on 17
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: connection_get(17)
Mar 8 10:00:46 autoconfig slapd[1905]: connection_get(17): got connid=1003
Mar 8 10:00:46 autoconfig slapd[1905]: connection_read(17): checking for input on id=1003
Mar 8 10:00:46 autoconfig slapd[1905]: op tag 0x77, time 1331200846
Mar 8 10:00:46 autoconfig slapd[1905]: conn=1003 op=0 do_extended
Mar 8 10:00:46 autoconfig slapd[1905]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Mar 8 10:00:46 autoconfig slapd[1905]: do_extended: oid=1.3.6.1.4.1.1466.20037
Mar 8 10:00:46 autoconfig slapd[1905]: conn=1003 op=0 STARTTLS
Mar 8 10:00:46 autoconfig slapd[1905]: send_ldap_extended: err=0 oid= len=0
Mar 8 10:00:46 autoconfig slapd[1905]: send_ldap_response: msgid=1 tag=120 err=0
Mar 8 10:00:46 autoconfig slapd[1905]: conn=1003 op=0 RESULT oid= err=0 text=
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: activity on 1 descriptor
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: activity on:
...
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
Mar 8 10:00:46 autoconfig slapd[1905]: connection_get(17)
Mar 8 10:00:46 autoconfig slapd[1905]: connection_get(17): got connid=1003
Mar 8 10:00:46 autoconfig slapd[1905]: connection_read(17): checking for input on id=1003
Mar 8 10:00:46 autoconfig slapd[1905]: connection_read(17): TLS accept failure error=-1 id=1003, closing
Mar 8 10:00:46 autoconfig slapd[1905]: connection_closing: readying conn=1003 sd=17 for close
Mar 8 10:00:46 autoconfig slapd[1905]: connection_close: conn=1003 sd=17
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: removing 17
Mar 8 10:00:46 autoconfig slapd[1905]: conn=1003 fd=17 closed (TLS negotiation failure)
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: activity on 1 descriptor
Mar 8 10:00:46 autoconfig slapd[1905]: daemon: activity on:
apache log:
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] debug, request GET: QUERY_STRING={'emailaddress': ['wojciech.giel at localdomain.local']}
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] data.configure(): {'desc': "Can't contact LDAP server"}
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] debug, response:
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] <?xml version='1.0' encoding='utf-8'?>
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] <clientConfig version="1.1">
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] <emailProvider id="localdomain.local">
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] <domain/>
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] <displayName/>
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] <displayShortName/>
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] </emailProvider>
[Wed Mar 07 12:39:58 2012] [error] [client 192.168.195.2] </clientConfig>
my automx.conf:
# file: /etc/automx.conf
[automx]
provider = localdomain.local
domains = *
# The DEFAULT section is always merged into each other section. Each section
# can overwrite settings done here.
[DEFAULT]
action = settings
account_type = email
account_name = TEST
account_name_short = TEST
display_name = ${givenName} ${sn}
smtp = yes
smtp_server = badger.localdomain.local
smtp_port = 587
smtp_encryption = starttls
smtp_auth = encrypted
smtp_auth_identity = ${cn}
smtp_default = yes
imap = yes
imap_server = badger.localdomain.local
imap_port = 993
imap_encryption = ssl
imap_auth = encrypted
imap_auth_identity = ${cn}
pop = no
host = ldap://127.0.0.1
base = ou=People,dc=localdomain,dc=local
result_attrs = cn, givenName, sn
scope = sub
filter = (&(objectClass=*) (mail=%s))
bindmethod = simple
binddn = cn=admin,dc=localdomain,dc=local
bindpw = test123
usetls = yes
cacert = /etc/ldap/ssl/cacert.pem
# If a domain is listed in the automx section, it may have its own section. If
# none is found here, the global section is used.
[global]
backend = ldap
What can be the problem?
thanks
Wojciech
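An added diagnostic, not from the original post and not automx's own code: a small Python probe that performs the same StartTLS exchange the slapd log above shows (ExtendedRequest tag 0x77 carrying OID 1.3.6.1.4.1.1466.20037, ExtendedResponse tag 120) and then attempts the TLS handshake with the standard ssl module, so a refusal at the LDAP layer and a failure inside the handshake itself are reported as two different results. Host, port and cacert path are taken from the posted automx.conf; the server_hostname badger.localdomain.local is an assumption, included only to show how certificate name verification interacts with connecting to 127.0.0.1.

```python
# Added diagnostic example (not automx code): do the LDAP StartTLS exchange by
# hand so the LDAP step and the TLS handshake are reported separately.
import socket
import ssl

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # same OID as in the slapd log


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def build_starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
    APPLICATION 23, constructed, is tag 0x77: the 'op tag 0x77' slapd logged."""
    request_name = ber_tlv(0x80, STARTTLS_OID.encode("ascii"))
    extended_req = ber_tlv(0x77, request_name)
    message_id = ber_tlv(0x02, bytes([msg_id]))
    return ber_tlv(0x30, message_id + extended_req)


def _read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; returns (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse
    (APPLICATION 24 = tag 0x78 = 120, the 'tag=120' in the slapd log)."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(op, 0)        # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)      # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        part = sock.recv(n - len(data))
        if not part:
            raise ConnectionError("server closed the connection")
        data += part
    return data


def _recv_ldap_message(sock):
    """Read one complete BER-framed LDAPMessage (short or long length form)."""
    head = _recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = _recv_exact(sock, length & 0x7F)
        head += extra
        length = int.from_bytes(extra, "big")
    return head + _recv_exact(sock, length)


def probe_starttls(host, port=389, cafile=None, server_hostname=None, timeout=5.0):
    """Connect in the clear, request StartTLS, then attempt the TLS handshake.
    cafile is the CA the client trusts; server_hostname is the name the client
    expects in the server certificate (assumed values when run from __main__)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        _, rc, diag = parse_extended_response(_recv_ldap_message(sock))
        if rc != 0:
            return "LDAP layer refused StartTLS: resultCode=%d %s" % (rc, diag)
        ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=server_hostname or host) as tls:
                return "TLS established: %s, peer subject %r" % (tls.version(), tls.getpeercert().get("subject"))
        except OSError as exc:  # ssl.SSLError (incl. certificate errors) is an OSError
            # LDAP accepted StartTLS but the handshake failed: the client-side
            # counterpart of slapd's "TLS accept failure error=-1".
            return "TLS handshake failed after StartTLS was accepted: %s" % exc


if __name__ == "__main__":
    # host, port and cacert from the posted automx.conf; the hostname is an assumption
    print(probe_starttls("127.0.0.1", 389, cafile="/etc/ldap/ssl/cacert.pem",
                         server_hostname="badger.localdomain.local"))
```

Run it on the automx host itself. The handshake branch returns the ssl module's own error text, which is more specific than the error=-1 slapd logs; running it once with server_hostname set to the name in the server certificate and once with the bare IP separates a trust-chain problem from a name-mismatch problem.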