Re: OpenDKIM 2.9.0 Beta period starting from Murray S. Kucherawy on 2013-10-07 (OpenDKIM Developers mailing list)

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 7 Oct 2013 14:41:15 -0700 (PDT)

On Mon, 7 Oct 2013, Andreas Schulze wrote:
> Now I set "LDAPSoftStart yes". opendkim still fail to start:
> # opendkim -n -x opendkim.conf
> opendkim: search.c:95: ldap_pvt_search: Assertion `ld != ((void *)0)' failed.

Are you able to get a complete stack trace from this?

> -> fix for me: start the ldapserver :-)
>
> 3. I play with SigningTable + KeyTable as ldap lookups based on contrib/ldap/
>
> opendkim-genzone without parameter has no output until I
> give 'ldap://localhost/dc=ldap?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=*)' as parameter.

This is as documented.

> Notice the "DKIMSelector=*" ...
>
> the LDAP Query I see at the ldap server is different in these two cases.
>
> first, implizit keytable from configfile (seen above):
> 525323d0 conn=1005 fd=10 ACCEPT from IP=127.0.0.1:7242 (IP=127.0.0.1:389)
> 525323d0 conn=1005 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" method=128
> 525323d0 conn=1005 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" mech=SIMPLE ssf=0
> 525323d0 conn=1005 op=0 RESULT tag=97 err=0 text=
> 525323d0 conn=1005 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=\2A)"
> 525323d0 conn=1005 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
> 525323d0 conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
> 525323d0 conn=1005 op=2 UNBIND
> 525323d0 conn=1005 fd=10 closed
>
> second, explizit keytable:
> 52532406 conn=1007 fd=10 ACCEPT from IP=127.0.0.1:7244 (IP=127.0.0.1:389)
> 52532406 conn=1007 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" method=128
> 52532406 conn=1007 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" mech=SIMPLE ssf=0
> 52532406 conn=1007 op=0 RESULT tag=97 err=0 text=
> 52532406 conn=1007 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=*)"
> 52532406 conn=1007 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
> 52532406 conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> 52532406 conn=1007 op=2 UNBIND
> 52532406 conn=1007 fd=10 closed

Looks like in one case the "*" is escaped, and in the other it isn't.
I'm not an LDAP expert, so which one is right?

-MSK
Received on Mon Oct 07 2013 - 21:41:40 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 07 2013 - 21:45:02 PST