Re: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : 2 (Protocol error)

From: Lou Picciano (LouPiccianocomcast.net)
Date: Sun Mar 02 2008 - 14:38:35 CST


Victor,

Yes, we clearly have something fundamental not working here.
Apologies if I've added to the confusion.

Our issue remains that we cannot query against an LDAP store if that ldap source
is defined in its own file.
To clarify: We have the following files impacting ldap:

in directory /etc/postfix:
main.cf
domains
aliases
accounts
accountsmaps

 - snippet of main.cf:
...
# = = = = = = = = = = LDAP SETUP = = = = = = = = = = = = = = = = = =
# LDAP sources: accounts, accountsmaps, domains, aliases
# - First: the virtual alias maps
virtual_alias_maps = ldap:/etc/postfix/accountsmap, ldap:/etc/postfix/aliases

#virtual_transport = virtual

# This sets up the domain-based email under vmail's 'home' dir
virtual_mailbox_base = /export/home/vmail/domains

virtual_mailbox_maps = ldap:/etc/postfix/accounts
virtual_mailbox_domains = ldap:/etc/postfix/domains
# =======

For the file 'domains', we've tried it two ways:

1) - content of /etc/postfix/domains: (other 3 ldap 'source' files use similar
syntax)
# = = = LDAP DOMAINS
domains_server_host = 127.0.0.1
domains_version = 3
#domains_port = 389
domains_search_base = o=mail,dc= realdomainname,dc=com
domains_query_filter =
(&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
domains_result_attribute = jvd
domains_bind = no
domains_scope = one
# end LDAP DOMAINS = = = = = = = = = = = = = = = = = = = = = = = = = = =

- OR -
2) - content of /etc/postfix/domains:
# = = = LDAP DOMAINS
server_host = 127.0.0.1
version = 3
#port = 389
search_base = o=mail,dc= realdomainname,dc=com
query_filter =
(&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
result_attribute = jvd
bind = no
scope = one
# end LDAP DOMAINS = = = = = = = = = = = = = = = = = = = = = = = = = = =

With _either_ formatting of the 'domains' file, we cannot get postmap to make
use of the domains source:

postmap: dict_ldap_connect: Actual Protocol version used is 2.
postmap: dict_ldap_connect: Binding to server ldap://localhost:389 as dn
postmap: dict_ldap_connect: Successful bind to server ldap://localhost:389 as
postmap: dict_ldap_connect: Cached connection handle for LDAP source domains
postmap: dict_ldap_lookup: domains: Searching with filter (mailacceptinggeneralid=wonderland.com)
postmap: warning: dict_ldap_lookup: domains: Search base '' not found: 32: No such object

Please note: All of this _does_ work fine if we put each ldap source definition
directly into main.cf, so this has become something of an academic exercise.
LDAP sources as external files should work fine, though, right?

Thanks. Lou

 -------------- Original message ----------------------
From: Victor Duchovni <Victor.DuchovniMorganStanley.com>
> On Sat, Mar 01, 2008 at 02:33:28PM +0000, Lou Picciano wrote:
>
> > Victor,
> >
> > As I mentioned in my original post, I had already tried the syntax within the
> > ldap source both prefixed, and non-prefixed, with same results...
> > (I simply sent you the result of the last experiment!)
> >
> > I've since updated OpenLDAP to v2.4.8, and have rebuilt Postfix 2.5.1 against
> > it. Per your note, all entries in ldap sources are 'prefixed' appropriately:
> >
> > # = = = LDAP DOMAINS - have similar files for accounts, accountsmaps and
> > aliases.
> > domains_server_host = 127.0.0.1
> > domains_version = 3
> > domains_search_base = o=mail,dc=realdomainname,dc=com
> > domains_query_filter =
> > (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
> > domains_result_attribute = jvd
> > domains_bind = no
> > domains_scope = one
> >
> > - Though all ldap 'source' definitions are in same dir as main.cf, postmap
> > responds as if it cannot read the file
>
> What do you mean by "in the same dir"? The above syntax is for settings in main.cf
> and table references of the form "ldap:domains". If you want settings in a
> separate file, remove *all* the prefixes, and use:
>
> ldap:/etc/postfix/domains.cf
>
> assuming that the file is /etc/postfix/domains.cf. You sure seem to have
> the wrong end of the stick...
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
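Victor's distinction between the two layouts, as an added example that is not from the thread or from Postfix itself: a small Python lint that parses a standalone LDAP table file the way Postfix reads `key = value` lines and reports why `ldap:/etc/postfix/domains` would end up with an empty search base and protocol version 2 (the symptoms in the postmap output above). The two sample files are constructed; `parse_table` and `lint_ldap_file` are names chosen here.

```python
from typing import Dict, List

# Subset of the parameters ldap_table(5) reads from a standalone table file.
LDAP_KEYS = {"server_host", "server_port", "version", "search_base", "query_filter",
             "result_attribute", "result_format", "bind", "bind_dn", "bind_pw",
             "scope", "domain", "timeout"}


def parse_table(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines; a line starting with whitespace continues
    the previous value, as in Postfix configuration files."""
    params: Dict[str, str] = {}
    last = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] += " " + raw.strip()
            continue
        key, sep, val = raw.partition("=")
        if not sep:
            continue
        last = key.strip()
        params[last] = val.strip()
    return params


def lint_ldap_file(name: str, text: str) -> List[str]:
    """Explain why Postfix, given 'ldap:/etc/postfix/<name>', would not use this
    file's settings. 'name' is the file's basename, e.g. 'domains'."""
    params = parse_table(text)
    issues: List[str] = []
    prefixed = [k for k in params
                if k.startswith(name + "_") and k[len(name) + 1:] in LDAP_KEYS]
    if prefixed:
        issues.append(f"{len(prefixed)} key(s) carry the '{name}_' prefix; that form "
                      f"belongs in main.cf with 'ldap:{name}', a standalone file needs bare keys")
    for k in params:
        if k not in LDAP_KEYS and k not in prefixed:
            issues.append(f"'{k}' is not an ldap_table(5) parameter")
    effective = {k: v for k, v in params.items() if k in LDAP_KEYS}   # what Postfix sees
    if "search_base" not in effective:
        issues.append("effective search_base is empty: searches fail with "
                      "\"Search base '' not found: 32: No such object\"")
    if effective.get("version") != "3":
        issues.append("effective version is not 3; the documented default of 2 is used")
    return issues


# Constructed samples modelled on the two layouts shown in the thread.
PREFIXED = """# LDAP DOMAINS
domains_server_host = 127.0.0.1
domains_version = 3
domains_search_base = o=mail,dc=example,dc=com
domains_query_filter = (&(objectClass=JammVirtualDomain)(jvd=%s))
domains_result_attribute = jvd
domains_bind = no
domains_scope = one
"""
BARE = PREFIXED.replace("domains_", "")
```

Running `lint_ldap_file("domains", PREFIXED)` reproduces the three symptoms from the log, while the bare-key file passes cleanly.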