ldapdb smtpd.conf postfix sends unbind to ldap
Dennis Matotek
dennis at utiba.com
Sat Jan 14 22:06:21 EST 2006
Hi List,
I've read through the mail list archive and get similar but different
problems to people using ldapdb, smtp auth via sasl.
I have confirmed using ldapsearch, ldapwhoami that ldap and digest-m5
authentication is working properly. courier-imap uses the same
authentication to the same ldap server and experiences no problems. I
cannot get smtps to authenticate to the ldap server. According to
ethereal trace the smtps server makes a connection then sends unbind
request. Ldap logs the incoming connection but nothing else. Is there
a way of debugging what is happening that I can look at? Someone a
previous ldapdb problem in the list said to use smtptest supplied by
cyrus-imap-utils. Since I'm running courier-imap on the same server I
didn't want to load it in case it caused more problems. Is there
something I am missing? I am not really a C programmer so messing with
code is problematic.
Any help is greatly appreciated.
Regards,
Dennis
ldapwhoami -U xxxxx -X u:xxxx -Y DIGEST-MD5 -H ldap://ser3 -ZZ
dn:uid=xxxxxx,ou=utiba,ou=people,dc=xxxx
Result: Success (0)
ldapsearch -H ldap://ser3 -U xxxx -W -X u:xxxx -Y DIGEST-MD5 -s base -b
uid=xxxxx,ou=xxxx,ou=people,dc=xxxx '(objectclass=*)' userPassword -ZZ
dn: uid=xxxxxx,ou=xxxx,ou=People,dc=xxxx
userPassword:: ########
/etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop (toggle on/off makes no difference)
auxprop_plugin: ldapdb
ldapdb_uri: ldap://192.168.0.3
ldapdb_id: xxxxx
ldapdb_pw: ******
#ldapdb_starttls: demand (toggle on/off makes no difference)
ldapdb_mech: digest-md5
log_level: 1 (this doesn't seem to do anything)
log mail/info: (where it pass off to sasl)
postfix/smtpd[6687]: SASL authentication misc: DIGEST-MD5 server step 2
postfix/smtpd[6687]: > unknown[192.168.1.30]: 535 Error: authentication
failed
postfix/smtpd[6687]: watchdog_pat: 0x8084be8
postfix/smtpd[6687]: smtp_get: EOF
log ldap.log (level 255)
Jan 15 14:00:20 ser3 slapd[29914]: daemon: activity on 1 descriptors
Jan 15 14:00:20 ser3 slapd[29914]: daemon: new connection on 30
Jan 15 14:00:20 ser3 slapd[29914]: daemon: added 30r
Jan 15 14:00:20 ser3 slapd[29914]: daemon: activity on:
Jan 15 14:00:20 ser3 slapd[29914]:
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=6
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=7
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=8
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=9
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: activity on 1 descriptors
Jan 15 14:00:20 ser3 slapd[29914]: daemon: activity on:
Jan 15 14:00:20 ser3 slapd[29914]: 30r
Jan 15 14:00:20 ser3 slapd[29914]:
Jan 15 14:00:20 ser3 slapd[29914]: daemon: read activity on 30
Jan 15 14:00:20 ser3 slapd[29914]: connection_get(30)
Jan 15 14:00:20 ser3 slapd[29914]: connection_get(30): got connid=66
Jan 15 14:00:20 ser3 slapd[29914]: connection_read(30): checking for
input on id=66
Jan 15 14:00:20 ser3 slapd[29914]: ber_get_next on fd 30 failed errno=0
(Success)
Jan 15 14:00:20 ser3 slapd[29914]: connection_read(30): input error=-2
id=66, closing.
Jan 15 14:00:20 ser3 slapd[29914]: connection_closing: readying conn=66
sd=30 for close
Jan 15 14:00:20 ser3 slapd[29914]: connection_close: deferring conn=66 sd=30
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=6
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=7
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=8
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=9
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: activity on 1 descriptors
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=6
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=7
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=8
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: daemon: select: listen=9
active_threads=0 tvp=NULL
Jan 15 14:00:20 ser3 slapd[29914]: do_unbind
Jan 15 14:00:20 ser3 slapd[29914]: connection_resched: attempting
closing conn=66 sd=30
Jan 15 14:00:20 ser3 slapd[29914]: connection_close: conn=66 sd=30
Jan 15 14:00:20 ser3 slapd[29914]: daemon: removing 30
ethereal log:
as attachment scan1.ethereal
-----------------
Utiba Pty Ltd
This message has been scanned for viruses and
dangerous content by Utiba mail server and is
believed to be clean.
-------------- next part --------------
No. Time Source Destination Protocol Info
451 9.029311 192.168.1.1 192.168.0.3 TCP 1935 > ldap [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=253310147 TSER=0 WS=2
Frame 451 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 192.168.1.1 (00:02:a5:dd:2a:8c), Dst: 192.168.1.254 (00:11:95:c7:12:b1)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.0.3 (192.168.0.3)
Transmission Control Protocol, Src Port: 1935 (1935), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 0
Source port: 1935 (1935)
Destination port: ldap (389)
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x0002 (SYN)
Window size: 5840
Checksum: 0xf2df [correct]
Options: (20 bytes)
No. Time Source Destination Protocol Info
452 9.030349 192.168.0.3 192.168.1.1 TCP ldap > 1935 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=3629615146 TSER=253310147 WS=2
Frame 452 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 192.168.1.254 (00:11:95:c7:12:b1), Dst: 192.168.1.1 (00:02:a5:dd:2a:8c)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 192.168.1.1 (192.168.1.1)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 1935 (1935), Seq: 0, Ack: 1, Len: 0
Source port: ldap (389)
Destination port: 1935 (1935)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 5792
Checksum: 0xb895 [correct]
Options: (20 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol Info
453 9.030465 192.168.1.1 192.168.0.3 TCP 1935 > ldap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=253310149 TSER=3629615146
Frame 453 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 192.168.1.1 (00:02:a5:dd:2a:8c), Dst: 192.168.1.254 (00:11:95:c7:12:b1)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.0.3 (192.168.0.3)
Transmission Control Protocol, Src Port: 1935 (1935), Dst Port: ldap (389), Seq: 1, Ack: 1, Len: 0
Source port: 1935 (1935)
Destination port: ldap (389)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
Window size: 5840 (scaled)
Checksum: 0xf846 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol Info
456 9.036467 192.168.1.1 192.168.0.3 LDAP MsgId=1 Unbind Request
Frame 456 (73 bytes on wire, 73 bytes captured)
Ethernet II, Src: 192.168.1.1 (00:02:a5:dd:2a:8c), Dst: 192.168.1.254 (00:11:95:c7:12:b1)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.0.3 (192.168.0.3)
Transmission Control Protocol, Src Port: 1935 (1935), Dst Port: ldap (389), Seq: 1, Ack: 1, Len: 7
Source port: 1935 (1935)
Destination port: ldap (389)
Sequence number: 1 (relative sequence number)
Next sequence number: 8 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 5840 (scaled)
Checksum: 0xc4ea [correct]
Options: (12 bytes)
Lightweight Directory Access Protocol
LDAP Message, Unbind Request
Message Id: 1
Message Type: Unbind Request (0x02)
Message Length: 0
No. Time Source Destination Protocol Info
457 9.036638 192.168.1.1 192.168.0.3 TCP 1935 > ldap [FIN, ACK] Seq=8 Ack=1 Win=5840 Len=0 TSV=253310155 TSER=3629615146
Frame 457 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 192.168.1.1 (00:02:a5:dd:2a:8c), Dst: 192.168.1.254 (00:11:95:c7:12:b1)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.0.3 (192.168.0.3)
Transmission Control Protocol, Src Port: 1935 (1935), Dst Port: ldap (389), Seq: 8, Ack: 1, Len: 0
Source port: 1935 (1935)
Destination port: ldap (389)
Sequence number: 8 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 5840 (scaled)
Checksum: 0xf838 [correct]
Options: (12 bytes)
No. Time Source Destination Protocol Info
458 9.036701 192.168.0.3 192.168.1.1 TCP ldap > 1935 [ACK] Seq=1 Ack=8 Win=5792 Len=0 TSV=3629615152 TSER=253310154
Frame 458 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 192.168.1.254 (00:11:95:c7:12:b1), Dst: 192.168.1.1 (00:02:a5:dd:2a:8c)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 192.168.1.1 (192.168.1.1)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 1935 (1935), Seq: 1, Ack: 8, Len: 0
Source port: ldap (389)
Destination port: 1935 (1935)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 8 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
Window size: 5792 (scaled)
Checksum: 0xf840 [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol Info
460 9.037539 192.168.0.3 192.168.1.1 TCP ldap > 1935 [FIN, ACK] Seq=1 Ack=9 Win=5792 Len=0 TSV=3629615153 TSER=253310155
Frame 460 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 192.168.1.254 (00:11:95:c7:12:b1), Dst: 192.168.1.1 (00:02:a5:dd:2a:8c)
Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 192.168.1.1 (192.168.1.1)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 1935 (1935), Seq: 1, Ack: 9, Len: 0
Source port: ldap (389)
Destination port: 1935 (1935)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 9 (relative ack number)
Header length: 32 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 5792 (scaled)
Checksum: 0xf83c [correct]
Options: (12 bytes)
SEQ/ACK analysis
No. Time Source Destination Protocol Info
461 9.037602 192.168.1.1 192.168.0.3 TCP 1935 > ldap [ACK] Seq=9 Ack=2 Win=5840 Len=0 TSV=253310156 TSER=3629615153
Frame 461 (66 bytes on wire, 66 bytes captured)
Ethernet II, Src: 192.168.1.1 (00:02:a5:dd:2a:8c), Dst: 192.168.1.254 (00:11:95:c7:12:b1)
Internet Protocol, Src: 192.168.1.1 (192.168.1.1), Dst: 192.168.0.3 (192.168.0.3)
Transmission Control Protocol, Src Port: 1935 (1935), Dst Port: ldap (389), Seq: 9, Ack: 2, Len: 0
Source port: 1935 (1935)
Destination port: ldap (389)
Sequence number: 9 (relative sequence number)
Acknowledgement number: 2 (relative ack number)
Header length: 32 bytes
Flags: 0x0010 (ACK)
Window size: 5840 (scaled)
Checksum: 0xf82f [correct]
Options: (12 bytes)
SEQ/ACK analysis
More information about the Cyrus-sasl
mailing list