
Re: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : 2 (Protocol error)

  • Victor Duchovni
    Message 1 of 6 , Mar 1, 2008
      On Sat, Mar 01, 2008 at 02:33:28PM +0000, Lou Picciano wrote:

      > Victor,
      >
      > As I mentioned in my original post, I had already tried the syntax within the ldap source both prefixed, and non-prefixed, with same results...
      > (I simply sent you the result of the last experiment!)
      >
      > I've since updated OpenLDAP to v2.4.8, and have rebuilt Postfix 2.5.1 against it. Per your note, all entries in ldap sources are 'prefixed' appropriately:
      >
      > # = = = LDAP DOMAINS - have similar files for accounts, accountsmaps and aliases.
      > domains_server_host = 127.0.0.1
      > domains_version = 3
      > domains_search_base = o=mail,dc=realdomainname,dc=com
      > domains_query_filter = (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
      > domains_result_attribute = jvd
      > domains_bind = no
      > domains_scope = one
      >
      > - Though all ldap 'source' definitions are in same dir as main.cf, postmap responds as if it cannot read the file

      What do you mean by "in the same dir"? The above syntax is for settings in main.cf
      and table references of the form "ldap:domains". If you want settings in a
      separate file, remove *all* the prefixes, and use:

      ldap:/etc/postfix/domains.cf

      assuming that the file is /etc/postfix/domains.cf. You sure seem to have
      the wrong end of the stick...

      --
      Viktor.

      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      To unsubscribe from the postfix-users list, visit
      http://www.postfix.org/lists.html or click the link below:
      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.
    • Lou Picciano
      Message 2 of 6 , Mar 2, 2008
        Victor,

        Yes, we clearly have something fundamental not working here.
        Apologies if I've added to the confusion.

        Our issue remains that we cannot query against an LDAP store if that ldap source
        is defined in its own file.
        To clarify: We have the following files impacting ldap:

        in directory /etc/postfix:
        main.cf
        domains
        aliases
        accounts
        accountsmaps

        - snippet of main.cf:
        ...
        # = = = = = = = = = = LDAP SETUP = = = = = = = = = = = = = = = = = =
        # LDAP sources: accounts, accountsmaps, domains, aliases
        # - First: the virtual alias maps
        virtual_alias_maps = ldap:/etc/postfix/accountsmap, ldap:/etc/postfix/aliases

        #virtual_transport = virtual

        # This sets up the domain-based email under vmail's 'home' dir
        virtual_mailbox_base = /export/home/vmail/domains

        virtual_mailbox_maps = ldap:/etc/postfix/accounts
        virtual_mailbox_domains = ldap:/etc/postfix/domains
        # =======

        For the file 'domains', we've tried it two ways:

        1) - content of /etc/postfix/domains: (other 3 ldap 'source' files use similar
        syntax)
        # = = = LDAP DOMAINS
        domains_server_host = 127.0.0.1
        domains_version = 3
        #domains_port = 389
        domains_search_base = o=mail,dc= realdomainname,dc=com
        domains_query_filter =
        (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
        domains_result_attribute = jvd
        domains_bind = no
        domains_scope = one
        # end LDAP DOMAINS = = = = = = = = = = = = = = = = = = = = = = = = = = =

        - OR -
        2) - content of /etc/postfix/domains:
        # = = = LDAP DOMAINS
        server_host = 127.0.0.1
        version = 3
        #port = 389
        search_base = o=mail,dc= realdomainname,dc=com
        query_filter =
        (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
        result_attribute = jvd
        bind = no
        scope = one
        # end LDAP DOMAINS = = = = = = = = = = = = = = = = = = = = = = = = = = =

        With _either_ formatting of the 'domains' file, we cannot get postmap to make
        use of the domains source:

        postmap: dict_ldap_connect: Actual Protocol version used is 2.
        postmap: dict_ldap_connect: Binding to server ldap://localhost:389 as dn
        postmap: dict_ldap_connect: Successful bind to server ldap://localhost:389 as
        postmap: dict_ldap_connect: Cached connection handle for LDAP source domains
        postmap: dict_ldap_lookup: domains: Searching with filter (mailacceptinggeneralid=wonderland.com)
        postmap: warning: dict_ldap_lookup: domains: Search base '' not found: 32: No such object

        Please note: All of this _does_ work fine if we put each ldap source definition
        directly into main.cf, so this has become something of an academic exercise.
        LDAP sources as external files should work fine, though, right?

        Thanks. Lou

      • Victor Duchovni
        Message 3 of 6 , Mar 2, 2008
          On Sun, Mar 02, 2008 at 08:38:35PM +0000, Lou Picciano wrote:

          > Victor,
          >
          > Yes, we clearly have something fundamental not working here.
          > Apologies if I've added to the confusion.
          >
          > Our issue remains that we cannot query against an LDAP store if that ldap source
          > is defined in its own file.
          > To clarify: We have the following files impacting ldap:
          >
          > in directory /etc/postfix:
          > main.cf
          > domains
          > aliases
          > accounts
          > accountsmaps
          >
          > - snippet of main.cf:
          > ...
          > # = = = = = = = = = = LDAP SETUP = = = = = = = = = = = = = = = = = =
          > # LDAP sources: accounts, accountsmaps, domains, aliases
          > # - First: the virtual alias maps
          > virtual_alias_maps = ldap:/etc/postfix/accountsmap, ldap:/etc/postfix/aliases
          >
          > #virtual_transport = virtual
          >
          > # This sets up the domain-based email under vmail's 'home' dir
          > virtual_mailbox_base = /export/home/vmail/domains
          >
          > virtual_mailbox_maps = ldap:/etc/postfix/accounts
          > virtual_mailbox_domains = ldap:/etc/postfix/domains
          > # =======
          >
          > For the file 'domains', we've tried it two ways:
          >
          > 1) - content of /etc/postfix/domains: (other 3 ldap 'source' files use similar
          > syntax)
          > # = = = LDAP DOMAINS
          > domains_server_host = 127.0.0.1
          > domains_version = 3
          > #domains_port = 389
          > domains_search_base = o=mail,dc= realdomainname,dc=com
          > domains_query_filter =
          > (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
          > domains_result_attribute = jvd
          > domains_bind = no
          > domains_scope = one
          > # end LDAP DOMAINS = = = = = = = = = = = = = = = = = = = = = = = = = = =

          This is wrong. Prefixes are only used with settings in main.cf

          > - OR -
          > 2) - content of /etc/postfix/domains:
          > # = = = LDAP DOMAINS
          > server_host = 127.0.0.1
          > version = 3
          > #port = 389
          > search_base = o=mail,dc= realdomainname,dc=com
          > query_filter =
          > (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
          > result_attribute = jvd
          > bind = no
          > scope = one
          > # end LDAP DOMAINS = = = = = = = = = = = = = = = = = = = = = = = = = = =
          >

          This is correct (assuming the query filter is actually on one line or
          the second line starts with whitespace). Show more detailed evidence for
          this case.

          > With _either_ formatting of the 'domains' file, we cannot get postmap to make
          > use of the domains source:
          >
          > postmap: dict_ldap_connect: Actual Protocol version used is 2.
          > postmap: dict_ldap_connect: Binding to server ldap://localhost:389 as dn
          > postmap: dict_ldap_connect: Successful bind to server ldap://localhost:389 as
          > postmap: dict_ldap_connect: Cached connection handle for LDAP source domains
          > postmap: dict_ldap_lookup: domains: Searching with filter (mailacceptinggeneralid=wonderland.com)

          Clearly not using the filter you defined, so your settings are not the
          correct version above.

          If you are having to guess randomly between documented syntax and a
          main.cf/external-file chimera, you should read the documentation until
          it becomes clear. Once you *know* you have the right settings, and they
          still don't work, report clear evidence here.

          --
          Viktor.

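
A small lint for the two points made in the replies above: a table file referenced as `ldap:/path` takes unprefixed parameter names, and a continued value must start with whitespace. This is an added example, not part of the original thread or of Postfix; `lint_ldap_table`, the `KNOWN` subset of ldap_table(5) names and both sample files are constructed for illustration.

```python
import re

# Subset of ldap_table(5) parameter names: those used in this thread, plus bind_dn/bind_pw.
KNOWN = ("server_host", "server_port", "version", "search_base", "query_filter",
         "result_attribute", "bind", "bind_dn", "bind_pw", "scope")

def lint_ldap_table(text):
    """Return (line_no, message) findings for an external ldap: table file."""
    findings, values, last = [], {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments are ignored
        if raw[0].isspace():                  # indented: continues the setting above
            if last is not None:
                values[last] += raw.strip()
            continue
        m = re.match(r"(\w+)\s*=\s*(.*)$", raw)
        if m is None:                         # e.g. a filter wrapped without indentation
            findings.append((no, "not 'name = value'; indent it if it continues the line above"))
            last = None
            continue
        last = m.group(1)
        values[last] = m.group(2).strip()
        stem = next((k for k in KNOWN if last.endswith("_" + k)), None)
        if last not in KNOWN and stem:
            findings.append((no, f"'{last}' looks like a main.cf prefix; use '{stem}'"))
    # Lint assumption: the file is meant to set both, so an empty value is reported (line 0).
    for required in ("search_base", "query_filter"):
        if not values.get(required):
            findings.append((0, f"{required} is unset or empty in this file"))
    return findings

# Constructed samples modelled on the two forms posted in the thread.
PREFIXED = """\
# = = = LDAP DOMAINS
domains_server_host = 127.0.0.1
domains_search_base = o=mail,dc=realdomainname,dc=com
domains_query_filter =
(&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
domains_bind = no
"""
FIXED = """\
server_host = 127.0.0.1
search_base = o=mail,dc=realdomainname,dc=com
query_filter =
  (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
bind = no
"""

if __name__ == "__main__":
    for name, sample in (("prefixed", PREFIXED), ("fixed", FIXED)):
        print(name, lint_ldap_table(sample))
```
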