Re: trouble with ldaps in ldap lookup map

Fri, 26 Jun 2009 12:54:48 -0700 

Try to use smtp without chroot:

master.cf:
smtp      inet  n   -   n   -   -   smtpd

On Fri, Jun 26, 2009 at 4:30 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Fri, Jun 26, 2009 at 02:37:32PM -0400, Victor Duchovni wrote:
>
> > What exactly was working before and what did you change? You need
> > a version of the LDAP library with debugging symbols. Then single-step
> > "gdb" (debugging "postmap") through ldap_int_tls_init_ctx()
> >
> > called from   ldap_pvt_tls_set_option().
> > ----- openldap/libraries/libldap/tls.c line 332
> >         case LDAP_OPT_X_TLS_NEWCTX:
> >                 if ( !arg ) return -1;
> >                 if ( lo->ldo_tls_ctx )
> >                         ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
> >                 lo->ldo_tls_ctx = NULL;
> >                 return ldap_int_tls_init_ctx( lo, *(int *)arg );
> >
> > called from   ldap_set_option()
> > ----- openldap/libraries/libldap/options.c line 332
> >     #ifdef HAVE_TLS
> >       if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
> >               return LDAP_OPT_SUCCESS;
> >       }
> >     #endif
>
> Sorry the calling code is on line 670 of options.c (in 2.4.11)
>
>    #ifdef HAVE_TLS
>        if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 )
>                 return LDAP_OPT_SUCCESS;
>    #endif
>
> >
> > called from   dict_ldap_set_tls_options()
> > ----- postfix/src/global/dict_ldap.c line 560 -----
> >     #ifdef LDAP_OPT_X_TLS_NEWCTX
> >       if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server))
> >           != LDAP_SUCCESS) {
> >           msg_warn("%s: Unable to allocate new TLS context %d: %s",
> >                    myname, rc, ldap_err2string(rc));
> >           return (-1);
> >       }
> >     #endif
> >
> > This code works with Postfix and OpenLDAP both using OpenSSL, I don't
> > have a GNUTLS build of OpenLDAP to test.
>
> --
>        Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

Reply via email to