Bug#702116: exim4-daemon-heavy: LDAP for SMTP auth not working

Paul Muster Tue, 05 Mar 2013 13:09:18 -0800

Hello,

some additional information:


# exim -d -be '${if
ldapauth{user="uid=${quote_ldap_dn:paul},ou=Users,dc=BASIS"
pass=${quote:geheim} ldap://ldap/}}'

shows:

* with existing user and wrong password:

Mar  4 18:28:06 ldap slapd[9942]: conn=5292 fd=70 ACCEPT from
IP=192.168.1.4:37312 (IP=0.0.0.0:389)
Mar  4 18:28:06 ldap slapd[9942]: conn=5292 op=0 BIND
dn="uid=paul,ou=Users,dc=BASIS" method=128
Mar  4 18:28:06 ldap slapd[9942]: conn=5292 op=0 RESULT tag=97 err=49 text=
Mar  4 18:28:06 ldap slapd[9942]: conn=5292 op=1 UNBIND
Mar  4 18:28:06 ldap slapd[9942]: conn=5292 fd=70 closed

Exim version 4.80 uid=0 gid=0 pid=14864 D=fbb95cfd
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.7.2]
Library version: GnuTLS: Compile: 2.12.20
                         Runtime: 2.12.20
Library version: Cyrus SASL: Compile: 2.1.25
                             Runtime: 2.1.25 [Cyrus SASL]
Library version: PCRE: Compile: 8.31
                       Runtime: 8.30 2012-02-04
Total 19 lookups
Library version: MySQL: Compile: 5.5.28 [(Debian)]
                        Runtime: 5.5.28
Library version: SQLite: Compile: 3.7.15.1
                         Runtime: 3.7.13
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
changed uid/gid: -C, -D, -be or -bf forces real uid
  uid=0 gid=0 pid=14864
  auxiliary group list: 0
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
changed uid/gid: calling tls_validate_require_cipher
  uid=104 gid=106 pid=14865
  auxiliary group list: 0
tls_validate_require_cipher child 14865 ended: status=0x0
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
sender address = r...@mailname.tld
LDAP parameters: user=uid=paul,ou=Users,dc=BASIS pass=geheim size=0
time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldapauth URL = "ldap://ldap/"; server=NULL port=0
sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=ldap port=389
ldap_initialize with URL ldap://ldap:389/
initialized for LDAP (v3) server ldap:389
LDAP_OPT_X_TLS_TRY set
binding with user=uid=paul,ou=Users,dc=BASIS password=geheim
Invalid credentials: ldapauth returns FAIL

search_tidyup called
unbind LDAP connection to ldap:389
>>>>>>>>>>>>>>>> Exim pid=14864 terminating with rc=0 >>>>>>>>>>>>>>>>


* with existing user and right password:

Mar  4 18:29:48 ldap slapd[9942]: conn=5293 fd=70 ACCEPT from
IP=192.168.1.4:37313 (IP=0.0.0.0:389)
Mar  4 18:29:48 ldap slapd[9942]: conn=5293 op=0 BIND
dn="uid=paul,ou=Users,dc=BASIS" method=128
Mar  4 18:29:48 ldap slapd[9942]: conn=5293 op=0 BIND
dn="uid=paul,ou=Users,dc=BASIS" mech=SIMPLE ssf=0
Mar  4 18:29:48 ldap slapd[9942]: conn=5293 op=0 RESULT tag=97 err=0 text=
Mar  4 18:29:48 ldap slapd[9942]: conn=5293 op=1 UNBIND

Exim version 4.80 uid=0 gid=0 pid=14867 D=fbb95cfd
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.7.2]
Library version: GnuTLS: Compile: 2.12.20
                         Runtime: 2.12.20
Library version: Cyrus SASL: Compile: 2.1.25
                             Runtime: 2.1.25 [Cyrus SASL]
Library version: PCRE: Compile: 8.31
                       Runtime: 8.30 2012-02-04
Total 19 lookups
Library version: MySQL: Compile: 5.5.28 [(Debian)]
                        Runtime: 5.5.28
Library version: SQLite: Compile: 3.7.15.1
                         Runtime: 3.7.13
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
changed uid/gid: -C, -D, -be or -bf forces real uid
  uid=0 gid=0 pid=14867
  auxiliary group list: 0
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
changed uid/gid: calling tls_validate_require_cipher
  uid=104 gid=106 pid=14870
  auxiliary group list: 0
tls_validate_require_cipher child 14870 ended: status=0x0
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
sender address = r...@mailname.tld
LDAP parameters: user=uid=paul,ou=Users,dc=BASIS pass=<password> size=0
time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldapauth URL = "ldap://ldap/"; server=NULL port=0
sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=ldap port=389
ldap_initialize with URL ldap://ldap:389/
initialized for LDAP (v3) server ldap:389
LDAP_OPT_X_TLS_TRY set
binding with user=uid=paul,ou=Users,dc=BASIS password=<password>
Bind succeeded: ldapauth returns OK
true
search_tidyup called
unbind LDAP connection to ldap:389
>>>>>>>>>>>>>>>> Exim pid=14867 terminating with rc=0 >>>>>>>>>>>>>>>>


* as user Debian-exim it works, too:

Mar  4 18:38:41 ldap slapd[9942]: conn=5309 fd=70 ACCEPT from
IP=192.168.1.4:37333 (IP=0.0.0.0:389)
Mar  4 18:38:41 ldap slapd[9942]: conn=5309 op=0 BIND
dn="uid=paul,ou=Users,dc=BASIS" method=128
Mar  4 18:38:41 ldap slapd[9942]: conn=5309 op=0 BIND
dn="uid=paul,ou=Users,dc=BASIS" mech=SIMPLE ssf=0
Mar  4 18:38:41 ldap slapd[9942]: conn=5309 op=0 RESULT tag=97 err=0 text=
Mar  4 18:38:41 ldap slapd[9942]: conn=5309 op=1 UNBIND
Mar  4 18:38:41 ldap slapd[9942]: conn=5309 fd=70 closed

Exim version 4.80 uid=104 gid=106 pid=15501 D=fbb95cfd
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [4.7.2]
Library version: GnuTLS: Compile: 2.12.20
                         Runtime: 2.12.20
Library version: Cyrus SASL: Compile: 2.1.25
                             Runtime: 2.1.25 [Cyrus SASL]
Library version: PCRE: Compile: 8.31
                       Runtime: 8.30 2012-02-04
Total 19 lookups
Library version: MySQL: Compile: 5.5.28 [(Debian)]
                        Runtime: 5.5.28
Library version: SQLite: Compile: 3.7.15.1
                         Runtime: 3.7.13
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
changed uid/gid: -C, -D, -be or -bf forces real uid
  uid=104 gid=106 pid=15501
  auxiliary group list: 1 106 109
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
tls_validate_require_cipher child 15502 ended: status=0x0
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
LOG: MAIN PANIC
  exim user lost privilege for using -D option
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
user name "" extracted from gecos field ""
originator: uid=104 gid=106 login=Debian-exim name=
sender address = debian-e...@mailname.tld
LDAP parameters: user=uid=paul,ou=Users,dc=BASIS pass=<password> size=0
time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldapauth URL = "ldap://ldap/"; server=NULL port=0
sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=ldap port=389
ldap_initialize with URL ldap://ldap:389/
initialized for LDAP (v3) server ldap:389
LDAP_OPT_X_TLS_TRY set
binding with user=uid=paul,ou=Users,dc=BASIS password=<password>
Bind succeeded: ldapauth returns OK
true
search_tidyup called
unbind LDAP connection to ldap:389
>>>>>>>>>>>>>>>> Exim pid=15501 terminating with rc=0 >>>>>>>>>>>>>>>>


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#702116: exim4-daemon-heavy: LDAP for SMTP auth not working

Reply via email to