I ran into an issue with Postfix plus LDAP
where configuring the LDAP server to be '127.0.0.1'
works, but 'localhost' fails with an error.
I wanted to inquire if this was planned behavior
because it certainly confused me.
In detail:
Basic context:
OS: OpenBSD 4.8
Postfix: version: 2.7.1 (from OpenBSD package postfix-2.7.1-ldap.tgz)
LDAP: 2.3.43 (Aug 9 2010) (from OpenBSD package openldap-server-2.3.43p3.tgz)
First, localhost resolves to 127.0.0.1
/etc/hosts has
    # $OpenBSD: hosts,v 1.12 2009/03/10 00:42:13 deraadt Exp $
    # Host Database
    127.0.0.1 localhost
    ::1 localhost
/etc/resolv.conf has
    lookup file bind
ping confirms it:
    $ ping localhost
    PING localhost (127.0.0.1): 56 data bytes
    64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.085 ms
Second, LDAP is running, and listening on 127.0.0.1
(for security, and I have no need to expose LDAP externally)
started with flags:
    '/usr/local/libexec/slapd -h ldap://127.0.0.1 -u _openldap -g _openldap'
confirmed that it is listening on 127.0.0.1
    $ netstat -ant
    tcp 0 0 *.25 *.* LISTEN
    tcp 0 0 *.113 *.* LISTEN
    tcp 0 0 *.22 *.* LISTEN
    tcp 0 0 127.0.0.1.389 *.* LISTEN
    tcp6 0 0 *.25 *.* LISTEN
    tcp6 0 0 *.113 *.* LISTEN
    tcp6 0 0 *.22 *.* LISTEN
Third, Postfix configuration works with 127.0.0.1
main.cf configured with (sanitized):
    virtual_mailbox_domains = foo.org
    virtual_mailbox_base = /var/mail/_vmail
    virtual_mailbox_maps = ldap:/etc/postfix/vmailbox_ldap.cf
    virtual_minimum_uid = 42
    virtual_uid_maps = static:42
    virtual_gid_maps = static:42
/etc/postfix/vmailbox_ldap.cf has:
    server_host = 127.0.0.1
    version = 3
    bind = no
    search_base = ou=accounts,dc=foo,dc=org
    query_filter = (&(objectClass=posixAccount)(uid=%u))
    result_attribute = uid
    result_format = %s/mail/inbox
test with postmap works:
    $ postmap -q char...@foo.org ldap:/etc/postfix/vmailbox_ldap.cf
    charlie/mail/inbox
and tested by actual mail from a distant internet server, works fine
Fourth, Postfix configuration just changing '127.0.0.1' to 'localhost' fails
same main.cf
change /etc/postfix/vmailbox_ldap.cf to:
    server_host = localhost
    version = 3
    bind = no
    search_base = ou=accounts,dc=neocortical,dc=org
    query_filter = (&(objectClass=posixAccount)(uid=%u))
    result_attribute = uid
    result_format = %s/mail/inbox
    debuglevel = 1
postmap still works(!):
    $ postmap -q char...@foo.org ldap:/etc/postfix/vmailbox_ldap.cf
    charlie/mail/inbox
_____BUT (DEMONSTRATION OF POSSIBLE BUG)___
actual mail fails, with what I thought was the most notable error being:
"dict_ldap_debug: ldap_connect_to_host: getaddrinfo failed: no address associated with name"
telnet transcript:
    $ telnet www.foo.org 25
    Trying 42.42.42.42...
    Connected to www.foo.org.
    Escape character is '^]'.
    220 www.foo.org ESMTP Postfix
    HELO www.foo.org
    250 www.foo.org
    MAIL FROM:r...@foo.org
    250 2.1.0 Ok
    RCPT TO:char...@foo.org
    451 4.3.0 <char...@foo.org>: Temporary lookup failure
    QUIT
    221 2.0.0 Bye
    Connection closed by foreign host.
/etc/log/maillog transcript (I sanitized this, but I hope I'm still not leaking any security holes):
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_create
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_url_parse_ext(ldap://localhost:389)
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_search_ext
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: "(&(objectClass=posixAccount)(uid=charlie))"
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: AND
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter_list "(objectClass=posixAccount)(uid=charlie)"
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: "(objectClass=posixAccount)"
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: simple
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_simple_filter: "objectClass=posixAccount"
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: "(uid=charlie)"
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: simple
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: put_simple_filter: "uid=charlie"
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_send_initial_request
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_new_connection 1 1 0
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_int_open_connection
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_connect_to_host: TCP localhost:389
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_connect_to_host: getaddrinfo failed: no address associated with name
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_create
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_url_parse_ext(ldap://localhost:389)
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_search_ext
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: "(&(objectClass=posixAccount)(uid=charlie))"
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: AND
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter_list "(objectClass=posixAccount)(uid=charlie)"
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: "(objectClass=posixAccount)"
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: simple
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_simple_filter: "objectClass=posixAccount"
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: "(uid=charlie)"
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_filter: simple
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: put_simple_filter: "uid=charlie"
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_send_initial_request
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_new_connection 1 1 0
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_int_open_connection
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_connect_to_host: TCP localhost:389
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_connect_to_host: getaddrinfo failed: no address associated with name
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_err2string
Apr 25 18:15:18 www postfix/smtpd[7718]: warning: dict_ldap_lookup: Search error -1: Can't contact LDAP server
Apr 25 18:15:18 www postfix/smtpd[7718]: NOQUEUE: reject: RCPT from www.foo.org[42.42.42.42]: 451 4.3.0 : Temporary lookup failure; from=to=proto=SMTP helo=<www.foo.org>
Apr 25 18:15:20 www postfix/cleanup[8644]: B214A4562C0: message-id=<20110425221520.b214a456...@www.foo.org>
Apr 25 18:15:20 www postfix/smtpd[7718]: disconnect from www.foo.org[42.42.42.42]
Apr 25 18:15:20 www postfix/qmgr[18291]: B214A4562C0: from=www.foo.org>, size=789, nrcpt=1 (queue active)
Apr 25 18:15:21 www postfix/local[32273]: B214A4562C0: to=www.foo.org>, orig_to=, relay=local, delay=0.32, delays=0.02/0.02/0/0.29, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 25 18:15:21 www postfix/qmgr[18291]: B214A4562C0: removed
I bring this up because:
- I don't know if this has been reported before
- You developers might find this to be a bug (or it might be expected behavior, in which case I would appreciate learning about it)
- Other people might encounter similar behavior, so I thought I would spare them the long process of untangling it
Thanks for any help.
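
The following is an added example, not part of the original post: a small maillog triage script that ties each "451 4.3.0 ... Temporary lookup failure" reject back to the dict_ldap_debug resolver error logged by the same smtpd process, which is the correlation the post does by hand. The sample lines are constructed (modelled on the excerpt above, with placeholder client name and addresses), and the function names unfold and correlate are hypothetical.

```python
import re

# Constructed sample modelled on the maillog excerpt above; client name,
# address and recipient are placeholders. The first record is left folded.
SAMPLE = """\
Apr 25 18:15:17 www postfix/smtpd[7718]: dict_ldap_debug: ldap_connect_to_host:
TCP localhost:389
Apr 25 18:15:18 www postfix/smtpd[7718]: dict_ldap_debug: ldap_connect_to_host: getaddrinfo failed: no address associated with name
Apr 25 18:15:18 www postfix/smtpd[7718]: warning: dict_ldap_lookup: Search error -1: Can't contact LDAP server
Apr 25 18:15:18 www postfix/smtpd[7718]: NOQUEUE: reject: RCPT from mx.example[192.0.2.10]: 451 4.3.0 <user@example.org>: Temporary lookup failure; proto=SMTP
Apr 25 18:16:02 www postfix/smtpd[7801]: dict_ldap_debug: ldap_connect_to_host: TCP 127.0.0.1:389
Apr 25 18:16:03 www postfix/smtpd[7801]: NOQUEUE: reject: RCPT from mx.example[192.0.2.10]: 450 4.1.1 <nobody@example.org>: Recipient address rejected
"""

RECORD = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ (postfix/\w+\[\d+\]): (.*)$")
TARGET = re.compile(r"ldap_connect_to_host: TCP (\S+):\d+")
RESOLVE = re.compile(r"ldap_connect_to_host: getaddrinfo failed: (.+)")
REJECT = re.compile(r"NOQUEUE: reject: RCPT from (\S+): 451 4\.3\.0 .*Temporary lookup failure")

def unfold(text):
    """Rejoin syslog records that a mail client wrapped onto following lines."""
    records = []
    for raw in text.splitlines():
        if RECORD.match(raw) or not records:
            records.append(raw.strip())
        else:
            records[-1] += " " + raw.strip()
    return records

def correlate(text):
    """Return one finding per 451 reject preceded by an LDAP resolver failure in the same process."""
    state, findings = {}, []   # state: per-process last LDAP target and resolver error
    for rec in unfold(text):
        m = RECORD.match(rec)
        if not m:
            continue
        ts, proc, msg = m.groups()
        if t := TARGET.search(msg):
            state[proc] = {"host": t.group(1)}   # a new attempt clears the old error
        elif r := RESOLVE.search(msg):
            state.setdefault(proc, {})["error"] = r.group(1)
        elif (j := REJECT.search(msg)) and "error" in state.get(proc, {}):
            findings.append({"time": ts, "process": proc, "client": j.group(1),
                             "ldap_host": state[proc].get("host"),
                             "cause": "getaddrinfo failed: " + state[proc]["error"]})
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```

The per-process keying matters because postmap and smtpd are separate processes and, as the post shows, can disagree about whether the same server_host resolves.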