I should have been clearer on this. This also seems to have resolved my issues with pam_ldap.
Cheers, Stewart > > Begin Stewart James quotation: > > > > Just doing a little follow up here, I think I tracked my issues down. I am > > not going to get into too much detail about how I eventually figured this > > out but. > > > > If I apt-get source sendmail (8.12.6), comment out the following in the > > libsm/ldap.c: > > # ifdef LDAP_OPT_RESTART > > ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON); > > # endif /* LDAP_OPT_RESTART */ > > > > Then rebuild the package, everything works fine. > > > > I discoivered this after updating a prodocution box that was running ldap > > maps in sendmail to sendmail_8.12.6-6Woody and sicovering sendmail was > > giving off the same errors as pam_ldap when invoked from sendmail (Can not > > connect to server). I quick downgraded and went the hunt. 8.12.6 is when > > sendmail started using LDAP_OPT_RESTART so I took a wild guess went the > > comment and this seemed to fix things up for me. > > > > Hopefully someone elsewho has the same problem will see this post. > > > > Cheers, > > > > Stewart > > > > On Thu, 7 Nov 2002, nate wrote: > > > > > Date: Thu, 7 Nov 2002 18:40:11 -0800 (PST) > > > From: nate <[EMAIL PROTECTED]> > > > To: [EMAIL PROTECTED] > > > Subject: Re: pam-ldap headaches > > > Resent-Date: Thu, 7 Nov 2002 20:41:18 -0600 (CST) > > > Resent-From: [EMAIL PROTECTED] > > > > > > Stewart James said: > > > > > > > > I am so sorry, I just realised why I was not seeing my posts in the > > > > archives. Helps if you change to most recent pages. I was posting without > > > > being a member and thought maybe debial was dropping my posts for some > > > > reason), my last post was being a member. > > > > > > well glad i really am not crazy!! You didn't mention you were not > > > on the list, if you had I [cw]ould of cc:'d you. > > > > > > > I am doing nothing especially difficult. All were done with simple > > > > installing libpam-ldap following the prompts. > > > > > > > > Of 5 machines I have tried this on only one is working. The others all > > > > give the error ldap_simple_bind: cannot connect to server. > > > > > > > > My config is simple > > > > host ldap.vu.edu.au > > > > base o=vu.edu.au > > > > ldap_version 3 > > > > port 389 > > > > pam_password clear > > > > > > from the servers that do NOT work can you try something like > > > > > > ldapsearch -b "o=vu.edu.au" -LLL -H "ldap://ldap.vu.edu.au:389/"; > > > '(objectClass=*)' -x > > > > > > this should spew out everything in your LDAP database. if you get > > > an error, try turning on debug mode, i use -d 256 at first then > > > jump to -d 65536. > > > > > > if it works try putting this line in your /etc/pam_ldap.conf: > > > > > > uri ldap://ldap.vu.edu.au:389/ > > > > > > (in addition to all the others) > > > > > > if it doesn't connect, sounds like there could be some sort of firewall > > > or other mechanism preventing connection. > > > > > > > > > > Watching the network, I can see pam_ldap doing a lookup for ldap.vu.edu.au > > > > - and getting a result, it looksup a AAAA record for ldap.vu.edu.au then > > > > AAAA for ldap.vu.edu.au.its.vu.edu.au then finally looks up A for > > > > ldap.vu.edu.au and gets an IP address. But it never attempts to connect. > > > > > > > > For some reason, and I don;t know why ldap_simple_bind fails without > > > > attempting to connect the host. > > > > > > not sure either, but doing a ldapsearch SHOULD produce the same results > > > as what pam_ldap does, and you can turn on debugging to see whats going > > > on. > > > > > > good luck > > > > > > nate > > > > > > > > > > > > > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
