Re: OpenDKIM 2.9.0 Beta period starting

From: Andreas Schulze <sca_at_andreasschulze.de>
Date: Mon, 7 Oct 2013 23:30:33 +0200

On 06.10.2013 01:44, Murray S. Kucherawy wrote:
> I've posted Beta0 of version 2.9.0 of the OpenDKIM package in the
> Pre-Releases directory on SourceForge.

1. libjansson is not part of Debian Squeeze
   -> fix for me: I build the Debian Wheezy package for Debian Squeeze

2. I noticed a problem starting opendkim if LDAP is configured but the LDAP server is down.

# grep -i ldap opendkim.conf
SigningTable ldap://localhost/dc=ldap?DKIMSelector?sub?(DKIMIdentity=$d)
KeyTable ldap://localhost/dc=ldap?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
LDAPSoftStart no
LDAPBindUser cn=opendkim,dc=ldap
LDAPBindPassword test

# opendkim -n -x opendkim.conf
opendkim: opendkim.conf: ldap://localhost/dc=ldap?DKIMSelector?sub?(DKIMIdentity=$d): dkimf_db_open(): Can't contact LDAP server

 -> expected if the LDAP server is down while starting opendkim

Now I set "LDAPSoftStart yes". opendkim still fails to start:
# opendkim -n -x opendkim.conf
opendkim: search.c:95: ldap_pvt_search: Assertion `ld != ((void *)0)' failed.

  -> fix for me: start the ldapserver :-)

3. I play with SigningTable + KeyTable as ldap lookups based on contrib/ldap/

opendkim-genzone without parameter has no output until I
give 'ldap://localhost/dc=ldap?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=*)' as parameter.

Notice the "DKIMSelector=*" ...

The LDAP query I see at the LDAP server is different in these two cases.

First, implicit KeyTable from the config file (seen above):
525323d0 conn=1005 fd=10 ACCEPT from IP=127.0.0.1:7242 (IP=127.0.0.1:389)
525323d0 conn=1005 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" method=128
525323d0 conn=1005 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" mech=SIMPLE ssf=0
525323d0 conn=1005 op=0 RESULT tag=97 err=0 text=
525323d0 conn=1005 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=\2A)"
525323d0 conn=1005 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
525323d0 conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
525323d0 conn=1005 op=2 UNBIND
525323d0 conn=1005 fd=10 closed

Second, explicit KeyTable:
52532406 conn=1007 fd=10 ACCEPT from IP=127.0.0.1:7244 (IP=127.0.0.1:389)
52532406 conn=1007 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" method=128
52532406 conn=1007 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" mech=SIMPLE ssf=0
52532406 conn=1007 op=0 RESULT tag=97 err=0 text=
52532406 conn=1007 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=*)"
52532406 conn=1007 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
52532406 conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
52532406 conn=1007 op=2 UNBIND
52532406 conn=1007 fd=10 closed

I captured the packets on the wire (loopback :-) and attached screenshots + trace.

Andreas

(image/jpeg attachment: ldap-implicit.jpg)
(image/jpeg attachment: ldap-explicit.jpg)

Received on Mon Oct 07 2013 - 21:31:05 PST
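
The two slapd excerpts in the message differ only in how the asterisk reaches the server: under RFC 4515, `\2A` is an escaped literal `*` (an equality match on the value "*"), while a bare `*` is a presence filter. The following is an added example, not part of the original message or of OpenDKIM, that pairs each SRCH filter with its nentries and flags the literal-asterisk case; the function names are hypothetical and the log lines are copied from the message.

```python
import re

# SRCH / SEARCH RESULT lines copied from the slapd log quoted in the message.
LOG = r'''
525323d0 conn=1005 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=\2A)"
525323d0 conn=1005 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
525323d0 conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
52532406 conn=1007 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=*)"
52532406 conn=1007 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
52532406 conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*" scope=\d+ deref=\d+ filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*\bnentries=(\d+)')
ITEM = re.compile(r'\(([\w;.-]+)=((?:[^()\\]|\\[0-9A-Fa-f]{2})*)\)')
ESC = re.compile(r'\\([0-9A-Fa-f]{2})')

def classify(attr, raw):
    """Classify one attr=value item the way an RFC 4515 parser reads it."""
    if raw == '*':
        return ('presence', attr, None)      # matches any entry having attr
    if '*' in raw:
        return ('substring', attr, raw)      # unescaped '*' inside a value
    # Decode \XX escapes (single-byte values only, enough for this log).
    value = ESC.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return ('equality', attr, value)

def correlate(log):
    """Map (conn, op) to the search filter, its parsed items and nentries."""
    searches = {}
    for line in log.splitlines():
        m = SRCH.search(line)
        if m:
            items = [classify(a, v) for a, v in ITEM.findall(m.group(3))]
            searches[(m.group(1), m.group(2))] = {
                'filter': m.group(3), 'items': items, 'nentries': None}
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in searches:
            searches[(m.group(1), m.group(2))]['nentries'] = int(m.group(3))
    return searches

def literal_wildcards(searches):
    """Searches where an escaped '*' is compared as a literal value."""
    return [key for key, s in searches.items()
            if any(kind == 'equality' and '*' in val
                   for kind, _, val in s['items'])]
```
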
