ldaps query

ldaps query

Roland de Lepper-2
Dear all,

I've configured Postfix to contact an MS 2008ADS when a mail arrives to
check if the recipient is known.

In my log, I'll get the following message:

Oct 11 12:52:28 euzarafa postfix/smtpd[19209]: warning: dict_ldap_open:
URL scheme ldaps requires protocol version 3
Oct 11 12:52:28 euzarafa postfix/smtpd[19209]: warning: dict_ldap_open:
URL scheme ldaps requires protocol version 3
Oct 11 12:52:28 euzarafa postfix/smtpd[19209]: connect from
eumailscan.cvislabs.eu[192.168.125.98]
Oct 11 12:52:28 euzarafa postfix/trivial-rewrite[19211]: warning:
dict_ldap_open: URL scheme ldaps requires protocol version 3
Oct 11 12:52:28 euzarafa postfix/cleanup[19212]: warning: dict_ldap_open:
URL scheme ldaps requires protocol version 3
Oct 11 12:52:28 euzarafa postfix/smtpd[19209]: 8B3EE708001:
client=eumailscan.cvislabs.eu[192.168.125.98]
Oct 11 12:52:28 euzarafa postfix/cleanup[19212]: 8B3EE708001:
message-id=<[hidden email]>
Oct 11 12:52:28 euzarafa postfix/smtpd[19209]: disconnect from
eumailscan.cvislabs.eu[192.168.125.98]
Oct 11 12:52:28 euzarafa postfix/qmgr[18862]: 8B3EE708001:
from=<[hidden email]>, size=3801, nrcpt=1 (queue active)
Oct 11 12:52:29 euzarafa postfix/lmtp[19213]: 8B3EE708001:
to=<[hidden email]>, orig_to=<[hidden email]>,
relay=127.0.0.1[127.0.0.1]:2003, delay=0.64, delays=0.22/0.02/0.05/0.35,
dsn=2.1.5, status=sent (250 2.1.5 [hidden email] Ok)
Oct 11 12:52:29 euzarafa postfix/qmgr[18862]: 8B3EE708001: removed


The mail will be delivered, but it's an annoying message in my logs.

When I query a user via postmap, I get this as a result:

postmap: warning: dict_ldap_open: URL scheme ldaps requires protocol
version 3

What does this mean and how to solve?

Kind regards,

Roland de Lepper


Re: ldaps query

Bastian Blank-3
On Sun, Oct 11, 2009 at 01:11:12PM +0200, Roland de Lepper wrote:
> When I query a user via postmap, I get this as a result:
> postmap: warning: dict_ldap_open: URL scheme ldaps requires protocol
> version 3
> What does this mean and how to solve?

Which part do you fail to understand? ldaps should be known, you've
written it into the config file. And the relation A => B should be
nothing uncommon. Version 3 is something an LDAP admin has to know.

The whole thing is documented in ldap_table in the "LDAP SSL AND
STARTTLS PARAMETERS" section.

Bastian

--
Men will always be men -- no matter where they are.
                -- Harry Mudd, "Mudd's Women", stardate 1329.8

Re: ldaps query

Roland de Lepper-2
Hi Bastian,

Thanks for the reply.

I've read the man page and the documentation. MS ADS 2008R2 is probably using
another LDAP version, because the parameter 'version = 3' doesn't solve my
problem with the postmap search.

Without using LDAPS, so LDAP, I don't get this warning.

I've searched the internet for similar problems, but couldn't find any
solution for my particular problem.

regards,

Roland

> On Sun, Oct 11, 2009 at 01:11:12PM +0200, Roland de Lepper wrote:
>> When I query a user via postmap, I get this as a result:
>> postmap: warning: dict_ldap_open: URL scheme ldaps requires protocol
>> version 3
>> What does this mean and how to solve?
>
> Which part do you fail to understand? ldaps should be known, you've
> written it into the config file. And the relation A => B should be
> nothing uncommon. Version 3 is something an LDAP admin has to know.
>
> The whole thing is documented in ldap_table in the "LDAP SSL AND
> STARTTLS PARAMETERS" section.
>
> Bastian
>
> --
> Men will always be men -- no matter where they are.
> -- Harry Mudd, "Mudd's Women", stardate 1329.8
>



Re: ldaps query

Wietse Venema
Roland de Lepper:
> Hi Bastian,
>
> Thanks for the reply.
>
> I've read the man page and the documentation. MS ADS 2008R2 is probably using
> another LDAP version, because the parameter 'version = 3' doesn't solve my
> problem with the postmap search.

The error message:

    postmap: warning: dict_ldap_open: URL scheme ldaps requires
    protocol version 3

Means that the POSTMAP command did not find "version = 3" in main.cf.

How many main.cf files exist on your machine?

    find / -name main.cf -ls

This may show up some surprises.

        Wietse

Re: ldaps query

Roland de Lepper-2
Hi Wietse,

I only have one (1) main.cf file in /etc/postfix.

[root@euzarafa postfix]# find / -name main.cf -ls
5079460   32 -rw-r--r--   1 root     root        28178 Oct 11 19:45
/etc/postfix/main.cf
[root@euzarafa postfix]#

Indeed, that's what I've read in the man page to use 'version = 3' parameter.

Here is a short copy of my main.cf file:

zarafa_destination_recipient_limit = 1
##virtual_transport = zarafa:
virtual_transport = lmtp:127.0.0.1:2003
#
virtual_mailbox_domains = cvislabs.eu
#
virtual_mailbox_maps = ldap:ldap-users
ldap-users_server_host = ldaps://eumicrosoft.cvislabs.eu:636
##ldap-users_server_host = ldap://eumicrosoft.cvislabs.eu
tls_ca_cert_file = /etc/ssl/certs/eumicrosoft.pem
ldap-users_bind_dn = cn=roland,ou=Zarafa,dc=cvislabs,dc=eu
ldap-users_bind_pw = XXXXXX
ldap-users_search_base = ou=Zarafa,dc=cvislabs,dc=eu
version = 3
ldap-users_scope = sub
ldap-users_query_filter = (mail=%s)
ldap-users_result_attribute = sAMAccountName
#
virtual_alias_maps = ldap:ldap_virtual_alias
ldap_virtual_alias_server_host = ldaps://eumicrosoft.cvislabs.eu:636
##ldap_virtual_alias_server_host = ldap://eumicrosoft.cvislabs.eu
tls_ca_cert_file = /etc/ssl/certs/eumicrosoft.pem
ldap_virtual_alias_bind_dn = cn=roland,ou=Zarafa,dc=cvislabs,dc=eu
ldap_virtual_alias_bind_pw = XXXXXX
ldap_virtual_alias_search_base = ou=Zarafa,dc=cvislabs,dc=eu
version = 3
ldap_virtual_alias_scope = sub
ldap_virtual_alias_query_filter = (otherMailbox=%s)
ldap_virtual_alias_result_attribute = mail
[root@euzarafa postfix]#

Regards,

Roland

> Roland de Lepper:
>> Hi Bastian,
>>
>> Thanks for the reply.
>>
>> I've read the man page and the documentation. MS ADS 2008R2 is probably using
>> another LDAP version, because the parameter 'version = 3' doesn't solve my
>> problem with the postmap search.
>
> The error message:
>
>     postmap: warning: dict_ldap_open: URL scheme ldaps requires
>     protocol version 3
>
> Means that the POSTMAP command did not find "version = 3" in main.cf.
>
> How many main.cf files exist on your machine?
>
>     find / -name main.cf -ls
>
> This may show up some surprises.
>
> Wietse
>



Re: ldaps query

Wietse Venema
Roland de Lepper:
> Hi Wietse,
>
> I only have one (1) main.cf file in /etc/postfix.
>
> [root@euzarafa postfix]# find / -name main.cf -ls
> 5079460   32 -rw-r--r--   1 root     root        28178 Oct 11 19:45
> /etc/postfix/main.cf
> [root@euzarafa postfix]#
>
> Indeed, that's what I've read in the man page to use 'version = 3' parameter.
>
> Here is a short copy of my main.cf file:
>
> zarafa_destination_recipient_limit = 1
> ##virtual_transport = zarafa:
> virtual_transport = lmtp:127.0.0.1:2003
> #
> virtual_mailbox_domains = cvislabs.eu
> #
> virtual_mailbox_maps = ldap:ldap-users
> ldap-users_server_host = ldaps://eumicrosoft.cvislabs.eu:636
> ##ldap-users_server_host = ldap://eumicrosoft.cvislabs.eu
> tls_ca_cert_file = /etc/ssl/certs/eumicrosoft.pem
> ldap-users_bind_dn = cn=roland,ou=Zarafa,dc=cvislabs,dc=eu
> ldap-users_bind_pw = XXXXXX
> ldap-users_search_base = ou=Zarafa,dc=cvislabs,dc=eu
> version = 3

Hey, RTFM the ldap_table manpage

BACKWARDS COMPATIBILITY
       For backwards compatibility with Postfix version 2.0 and earlier, LDAP
       parameters can also be defined in main.cf. Specify as LDAP source a
       name that doesn't begin with a slash or a dot. The LDAP parameters
       will then be accessible as the name you've given the source in its
       definition, an underscore, and the name of the parameter. For example,
       if the map is specified as "ldap:ldapsource", the "server_host"
       parameter below would be defined in main.cf as "ldapsource_server_host".


        Wietse
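
Added example, not part of the original thread or of Postfix: a small Python check for the mistake diagnosed above, where LDAP parameters in main.cf lack the map-name prefix described in the BACKWARDS COMPATIBILITY text. The function names, the parameter subset and the trimmed sample config are assumptions made for illustration.

```python
import re

# Subset of ldap_table(5) parameter names, enough for this thread's config.
LDAP_PARAMS = {"server_host", "version", "bind_dn", "bind_pw", "search_base",
               "scope", "query_filter", "result_attribute", "start_tls",
               "tls_ca_cert_file", "tls_ca_cert_dir", "tls_require_cert"}

def parse_main_cf(text):
    """Return (name, value) pairs; comments and continuation lines are skipped."""
    pairs = []
    for line in text.splitlines():
        if not line or line[0] in " \t#":
            continue
        m = re.match(r"([^\s=]+)\s*=\s*(.*)", line)
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def lint_ldap_maps(text):
    """List LDAP settings that the main.cf-defined maps will not see."""
    pairs = parse_main_cf(text)
    settings = dict(pairs)
    findings = []
    # A bare LDAP parameter name is not attached to any "ldap:NAME" source.
    for name in dict.fromkeys(n for n, _ in pairs if n in LDAP_PARAMS):
        findings.append(f"'{name}' has no map-name prefix, so no LDAP map reads it")
    # Sources defined in main.cf: "ldap:NAME", NAME not starting with / or .
    sources = dict.fromkeys(
        s for _, v in pairs for s in re.findall(r"\bldap:([^\s,/.][^\s,]*)", v))
    for src in sources:
        host = settings.get(f"{src}_server_host", "")
        if "ldaps://" in host and settings.get(f"{src}_version") != "3":
            findings.append(f"{src}: ldaps:// URL but '{src}_version = 3' is not set")
    return findings

# Trimmed from the main.cf excerpt posted in the thread.
AS_POSTED = """\
virtual_mailbox_maps = ldap:ldap-users
ldap-users_server_host = ldaps://eumicrosoft.cvislabs.eu:636
tls_ca_cert_file = /etc/ssl/certs/eumicrosoft.pem
version = 3
ldap-users_query_filter = (mail=%s)
"""
# Same settings with the map-name prefix the BACKWARDS COMPATIBILITY text requires.
PREFIXED = AS_POSTED.replace("\ntls_ca", "\nldap-users_tls_ca").replace(
    "\nversion", "\nldap-users_version")

if __name__ == "__main__":
    for finding in lint_ldap_maps(AS_POSTED):
        print(finding)
    print("after prefixing:", lint_ldap_maps(PREFIXED))
```

The unprefixed tls_ca_cert_file line is flagged for the same reason as version: the CA file the admin intended for certificate verification is never handed to the LDAP map.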