I added the i_info line below and copied over the new dovecot-auth. It is hanging at the same place; the "LDAP: Received reply" line is not in the log. Again, exactly 180 seconds after the last log entry, the connection drops. However, that line _does_ appear in the log back at startup...

Apr 3 15:19:05 fourier dovecot: Dovecot v1.0.12 starting up
Apr 3 15:19:05 fourier dovecot: auth(default): LDAP: Received reply 1
Apr 3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30934
Apr 3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30935
Apr 3 15:19:06 fourier dovecot: auth(default): new auth connection: pid=30936
Apr 3 15:19:21 fourier dovecot: auth(default): new auth connection: pid=30974
Apr 3 15:19:28 fourier dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=x.x.x.x^Irip=y.y.y.y^Iresp=<hidden>
Apr 3 15:19:28 fourier dovecot: auth(default): ldap([EMAIL PROTECTED],y.y.y.y): bind search: base=ou=users, dc=lorentz,dc=com filter=(&(objectClass=inetOrgPerson)([EMAIL PROTECTED]))
Apr 3 15:22:28 fourier dovecot: imap-login: Disconnected: Inactivity: method=PLAIN, rip=y.y.y.y, lip=x.x.x.x, TLS

On Fri, 2008-04-04 at 00:11 +0300, Timo Sirainen wrote:
> No, I mean this appears to be a bug somewhere since a LDAP request is
> sent, but it's never received by Dovecot. So either Dovecot does
> something wrong, OpenLDAP library does something wrong or your network
> blocks the reply for some reason. For example on my system:
>
> auth(default): ldap(foo,127.0.0.1): bind search: base=...
> auth(default): ldap(foo,127.0.0.1): result: uid(user)=foo
>
> If Dovecot receives a reply to the "bind search", it logs the "result"
> line, which your logs show is missing.
>
> On Apr 4, 2008, at 12:06 AM, Jack McKinney wrote:
> > I am not sure that I understand you, here. Are you saying that I am
> > missing something from my configuration after the "filter=" line
> > like a pass_attrs listing fields to return? I do not have one, as
> > there are no fields that I need returned. The only thing that
> > dovecot needs is the DN of the match itself.
> >
> > According to http://wiki.dovecot.org/AuthDatabase/LDAP ,
> >
> > "The pass_filter is used to find the LDAP entry, and the DN is taken
> > from the reply."
> >
> > Should I add a dummy pass_attrs entry? What field is safe to grab?
> > E.g., I do not want to overwrite "user"...
> >
> > On Thu, 2008-04-03 at 23:59 +0300, Timo Sirainen wrote:
> >> On Thu, 2008-04-03 at 09:46 -0500, Jack McKinney wrote:
> >>
> >>> ldap([EMAIL PROTECTED],y.y.y.y): bind search: base=ou=users,
> >>> dc=lorentz,dc=com
> >>> filter=(&(objectClass=inetOrgPerson)([EMAIL PROTECTED]))
> >>
> >> Here should be a line saying "result: <returned fields>". Since there
> >> isn't, Dovecot never appears to receive the reply. You could verify
> >> this by adding to src/auth/db-ldap.c ldap_input() around line 372:
> >>
> >> msgid = ldap_msgid(res);
> >> // added line:
> >> i_info("LDAP: Received reply %d", msgid);
> >>
> >> msgid might be the same as this tag:
> >>
> >>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT
> >>> tag=101
> >>
> >> But I'm not sure. If you anyway receive a reply after the "bind
> >> search", there's something wrong in Dovecot's error handling.
> >>
> > --
> > Jack McKinney
> > GPG 1024D/99C6A174
> > [EMAIL PROTECTED] YM:lfaatsnat2006 AIM:jackmclorentz
> > "There is no parameter that makes it impossible for you to perform
> > still more excellently."
> > -Mario Cuomo, on the lack of a clock in baseball
>
--
Jack McKinney
GPG 1024D/99C6A174
[EMAIL PROTECTED] YM:lfaatsnat2006 AIM:jackmclorentz
"There is no parameter that makes it impossible for you to perform
still more excellently."
-Mario Cuomo, on the lack of a clock in baseball
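
Added example, not part of the original message and not Dovecot code: a small Python check for the symptom discussed in this thread, a "bind search" log line that never gets a matching "result" line and is followed by the imap-login inactivity disconnect. The sample log lines, user names and addresses are constructed, and the regular expressions assume the Dovecot v1.0 syslog format quoted above.

```python
import re
from datetime import datetime

# Constructed sample in the Dovecot v1.0 syslog format quoted in this thread;
# user names, addresses and the LDAP base are placeholders.
SAMPLE_LOG = """\
Apr 3 15:19:28 fourier dovecot: auth(default): ldap(alice,192.0.2.10): bind search: base=ou=users,dc=example,dc=com filter=(uid=alice)
Apr 3 15:19:30 fourier dovecot: auth(default): ldap(bob,192.0.2.20): bind search: base=ou=users,dc=example,dc=com filter=(uid=bob)
Apr 3 15:19:30 fourier dovecot: auth(default): ldap(bob,192.0.2.20): result: uid(user)=bob
Apr 3 15:22:28 fourier dovecot: imap-login: Disconnected: Inactivity: method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dovecot: (.*)$")
LDAP = re.compile(r"^auth\(\w+\): ldap\(([^,]*),([^)]*)\): (bind search|result):")
DROP = re.compile(r"^imap-login: Disconnected: Inactivity: .*\brip=([^,\s]+)")

def unanswered_searches(log_text, year=2008):
    """Return (user, rip, seconds until inactivity disconnect or None) for
    every 'bind search' that was never followed by a 'result' line."""
    pending = {}  # (user, rip) -> time the bind search was logged
    stalled = {}  # (user, rip) -> seconds until the login was dropped
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        ldap = LDAP.match(msg)
        drop = DROP.match(msg)
        if ldap:
            key = (ldap.group(1), ldap.group(2))
            if ldap.group(3) == "bind search":
                pending[key] = when
            else:  # reply was received, request completed
                pending.pop(key, None); stalled.pop(key, None)
        elif drop:
            for key, sent in pending.items():
                if key[1] == drop.group(1):
                    stalled.setdefault(key, int((when - sent).total_seconds()))
    return [(u, r, stalled.get((u, r))) for (u, r) in pending]

if __name__ == "__main__":
    for user, rip, wait in unanswered_searches(SAMPLE_LOG):
        print(f"no LDAP result for {user} from {rip}; login dropped after {wait}s")
```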