LinuxQuestions.org


linuxpyro 11-25-2008 05:36 PM

[SOLVED] Postfix and Ldap: Unable to bind to server
 
I have a Debian Etch box I am trying to use to host multiple virtual domains for Email. I am using Postfix 2.3.8-2+etch1 and OpenLDAP 2.3.30-5+etch2. Right now I am having trouble getting Postfix to talk to ldap. It gives errors about not being able to bind:

Code:

Nov 26 04:33:02 clamato postfix/smtpd[32745]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 26 04:33:02 clamato postfix/smtpd[32745]: connect from localhost[127.0.0.1]
Nov 26 04:33:14 clamato postfix/trivial-rewrite[32747]: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : 2 (Protocol error)
Nov 26 04:33:14 clamato last message repeated 2 times
Nov 26 04:33:14 clamato postfix/trivial-rewrite[32747]: fatal: ldap:transport(0,lock|fold_fix): table lookup problem
Nov 26 04:33:15 clamato postfix/smtpd[32745]: warning: premature end-of-input on private/rewrite socket while reading input attribute name
Nov 26 04:33:15 clamato postfix/master[32737]: warning: process /usr/lib/postfix/trivial-rewrite pid 32747 exit status 1
Nov 26 04:33:16 clamato postfix/trivial-rewrite[32748]: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : 2 (Protocol error)
Nov 26 04:33:16 clamato last message repeated 2 times
Nov 26 04:33:16 clamato postfix/trivial-rewrite[32748]: fatal: ldap:transport(0,lock|fold_fix): table lookup problem
Nov 26 04:33:17 clamato postfix/smtpd[32745]: warning: premature end-of-input on private/rewrite socket while reading input attribute name
Nov 26 04:33:17 clamato postfix/smtpd[32745]: warning: problem talking to service rewrite: Success
Nov 26 04:33:17 clamato postfix/master[32737]: warning: process /usr/lib/postfix/trivial-rewrite pid 32748 exit status 1
Nov 26 04:33:17 clamato postfix/master[32737]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling

The above came in /var/log/maillog after telnetting into port 25 of my mail server, and then typing MAIL FROM:me@mydomain and hitting enter; nothing else was returned at the prompt.

You can find my main.cf here: http://bokonon.rit.edu/main.cf. I searched around and found someone who mentioned that removing the ldap_ prefix that was present on some of the variables solved the problem, though it hasn't in my case.

Has anyone seen this sort of thing before?

blacky_5251 11-25-2008 11:54 PM

Look in the /etc/ldap.conf file and you'll see something like this:-
Code:

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=manager,dc=example,dc=com

The file /etc/ldap.secret needs to be owned and readable by root only - e.g.
Code:

2.6.18-92.1.13.el5xen[root@www etc]# ls -l ldap.secret
-rw------- 1 root root 8 Jun 13 11:09 ldap.secret
2.6.18-92.1.13.el5xen[root@www etc]#

The file itself needs to hold the password for the rootbinddn entry in /etc/ldap.conf (i.e. cn=manager,dc=example,dc=com)

Hope that helps!

linuxpyro 11-26-2008 01:58 PM

I already have the admin dn defined in /etc/openldap/slapd.conf, and a password set in the directory. I can log in and browse my directory using phpldapadmin just fine, using the username and password in my main.cf, so I'm not sure that's the problem.

blacky_5251 11-26-2008 04:00 PM

Can you please post the (censored) output from:-
Code:

postconf -n

I can post mine if you want. I'm using Postfix 2:2.3.3-2.1.el5_2 with OpenLDAP 2.3.27-8.el5_2.4 and Dovecot 1.0.7-2.el5 on a CentOS 5.2 box. I must admit that I'm not using virtual email domains, so there could be some complexity there that I will not be aware of.

linuxpyro 11-27-2008 02:55 PM

Quote:

Originally Posted by blacky_5251 (Post 3355859)
Can you please post the (censored) output from:-
Code:

postconf -n

I can post mine if you want.

Here is my postconf -n:

Code:

command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
home_mailbox = Maildir/
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, $virtual_mailbox_maps
mydestination = $transport_maps, localhost, $myhostname, localhost.$mydomain, $mydomain
mydomain = mydomain.com
myhostname = clamato.mydomain.com
mynetworks = 127.0.0.0/8, 192.168.0.0/16
mynetworks_style = subnet
myorigin = $mydomain
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
transport_maps = hash:/etc/postfix/transport, ldap:transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:virtualforward, ldap:aliases, ldap:accountsmap
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/mail/virtual/domains
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 1002
virtual_uid_maps = static:1002

(Again, note that I changed my actual domain to mydomain.)

If you wouldn't mind, I guess I would like to see yours.

blacky_5251 11-27-2008 03:06 PM

I feel like a schoolboy again. I'll show you mine if you show me yours....
Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
local_recipient_maps =
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir
mailbox_size_limit = 51200000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 102400000
mydestination = <snip>mydomain</snip>, localhost.localdomain
mynetworks = 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.5.0/24, 127.0.0.0/8
myorigin = <snip>mydomain</snip>
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relayhost = mail.internode.on.net
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks,    permit_sasl_authenticated,    permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,    reject_non_fqdn_helo_hostname,    reject_invalid_helo_hostname,    permit
smtpd_recipient_restrictions = reject_unauth_pipelining,    reject_non_fqdn_recipient,    reject_unknown_recipient_domain,    permit_mynetworks,    permit_sasl_authenticated,    reject_unauth_destination,    reject_rbl_client dnsbl.spamhaus.org,    reject_rbl_client bl.spamcop.net,    reject_rbl_client list.dsbl.org,    reject_rbl_client cbl.abuseat.org,    reject_rbl_client dnsbl.njabl.org,    check_policy_service inet:127.0.0.1:10023,    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_sender_restrictions = permit_mynetworks,    reject_non_fqdn_sender,    reject_unknown_sender_domain,    permit
smtpd_tls_cert_file = /etc/pki/tls/certs/dovecot.pem
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

For completeness, here's my /etc/postfix/master.cf file:-
Code:

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#              (yes)  (yes)  (yes)  (never) (100)
# ==========================================================================
smtp      inet  n      -      n      -      -      smtpd
# -----------------------------------------------------------------------------------
#submission inet n      -      n      -      -      smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# For outlook express (Ian 12/05/08)
smtps    inet  n      -      n      -      -      smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_security_options=noanonymous
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n      -      n      -      -      qmqpd
pickup    fifo  n      -      n      60      1      pickup
cleanup  unix  n      -      n      -      0      cleanup
qmgr      fifo  n      -      n      300    1      qmgr
#qmgr    fifo  n      -      n      300    1      oqmgr
tlsmgr    unix  -      -      n      1000?  1      tlsmgr
rewrite  unix  -      -      n      -      -      trivial-rewrite
bounce    unix  -      -      n      -      0      bounce
defer    unix  -      -      n      -      0      bounce
trace    unix  -      -      n      -      0      bounce
verify    unix  -      -      n      -      1      verify
flush    unix  n      -      n      1000?  0      flush
proxymap  unix  -      -      n      -      -      proxymap
smtp      unix  -      -      n      -      -      smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay    unix  -      -      n      -      -      smtp
        -o fallback_relay=
#      -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq    unix  n      -      n      -      -      showq
error    unix  -      -      n      -      -      error
discard  unix  -      -      n      -      -      discard
local    unix  -      n      n      -      -      local
virtual  unix  -      n      n      -      -      virtual
lmtp      unix  -      -      n      -      -      lmtp
anvil    unix  -      -      n      -      1      anvil
scache    unix  -      -      n      -      1      scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -      n      n      -      -      pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -      n      n      -      -      pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus    unix  -      n      n      -      -      pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -      n      n      -      -      pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -      n      n      -      -      pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp    unix  -      n      n      -      -      pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


linuxpyro 12-06-2008 08:30 PM

Alright guys, sorry for leaving this for a while but it's been driving me crazy, and I had to get my head out of it for a bit. ;) Blacky_5251, thanks for your info, though I think this is LDAP-specific.

First I added the line allow bind_v2 to my slapd.conf, which got rid of the protocol error. Next I went through the Postfix documentation for a while, but this is all the progress I've made. I created a file called ldap-users.cf, with the following:

Code:

server_host = localhost
search_base = dc=mydomain,dc=com
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = uid
result_format = %s/Maildir/

Next, I try to search for a virtual domain entry with the following:

Code:

postmap -q me@myvirtualdomain.com ldap:ldap-users.cf

I now got the following as a result:

Code:

postmap: warning: dict_ldap_lookup: ldap-users.cf: Search base '' not found: 32: No such object

I'm not sure about this one, as that should be my correct search base.

linuxpyro 12-09-2008 11:07 PM

Alright, I think I made some progress. When working with the postmap command, it wants to see a full path to the filename, not just a relative path. So this works:

Code:

postmap -q me@myvirtualdomain.com ldap:/etc/postfix/ldap-users.cf

I think I can figure the rest out; thanks to those who replied.
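
Added example, not part of the thread: a small shell lint for a Postfix LDAP table file that checks the points raised above (absolute path, `version = 3` rather than `allow bind_v2` on slapd, a non-empty `search_base`, and no access for "other" when the file holds `bind_pw`, as with /etc/ldap.secret). The function names, the bind DN and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint a Postfix LDAP table file.

# get_param FILE KEY: print the last non-empty value assigned to KEY.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# lint_ldap_table PATH: one finding per line on stdout; returns 1 if any.
lint_ldap_table() {
    f=$1; rc=0
    # A table name that is not a path is taken as a legacy main.cf parameter
    # prefix, so the file's settings (search_base included) are never read.
    case $f in
        /*) ;;
        *) echo "relative-path: use ldap:/absolute/path for $f"; rc=1 ;;
    esac
    [ -r "$f" ] || { echo "unreadable: $f"; return 1; }

    # Postfix speaks LDAPv2 unless 'version = 3' is set; v3 avoids having
    # to relax slapd with 'allow bind_v2'.
    v=$(get_param "$f" version)
    [ "${v:-2}" = 3 ] || { echo "ldap-v2: set 'version = 3'"; rc=1; }

    [ -n "$(get_param "$f" search_base)" ] || { echo "no-search-base"; rc=1; }

    # With bind_pw present the file is a credential store, like
    # /etc/ldap.secret: no access for "other".
    if [ -n "$(get_param "$f" bind_pw)" ]; then
        other=$(ls -ld "$f" | cut -c8-10)
        [ "$other" = "---" ] || { echo "world-accessible: bind_pw in $f (other=$other)"; rc=1; }
    fi
    return $rc
}

# Constructed sample: the thread's ldap-users.cf plus a hypothetical bind DN.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ldap-users.cf" <<'EOF'
server_host = localhost
search_base = dc=mydomain,dc=com
version = 3
bind_dn = cn=postfix,dc=mydomain,dc=com
bind_pw = constructed-placeholder
EOF
chmod 644 "$demo_dir/ldap-users.cf"
lint_ldap_table "$demo_dir/ldap-users.cf" || echo "findings above"
```

Only "other" access is flagged, so a file that is group-readable by the Postfix group passes.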


All times are GMT -5.