Re: OpenDKIM 2.9.0 Beta period starting
On Mon, 7 Oct 2013, Andreas Schulze wrote:
> Now I set "LDAPSoftStart yes". opendkim still fails to start:
> # opendkim -n -x opendkim.conf
> opendkim: search.c:95: ldap_pvt_search: Assertion `ld != ((void *)0)' failed.
Are you able to get a complete stack trace from this?
> -> fix for me: start the ldapserver :-)
>
> 3. I play with SigningTable + KeyTable as ldap lookups based on contrib/ldap/
>
> opendkim-genzone without parameter has no output until I
> give 'ldap://localhost/dc=ldap?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=*)' as parameter.
This is as documented.
> Notice the "DKIMSelector=*" ...
>
> the LDAP Query I see at the ldap server is different in these two cases.
>
> first, implicit keytable from configfile (seen above):
> 525323d0 conn=1005 fd=10 ACCEPT from IP=127.0.0.1:7242 (IP=127.0.0.1:389)
> 525323d0 conn=1005 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" method=128
> 525323d0 conn=1005 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" mech=SIMPLE ssf=0
> 525323d0 conn=1005 op=0 RESULT tag=97 err=0 text=
> 525323d0 conn=1005 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=\2A)"
> 525323d0 conn=1005 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
> 525323d0 conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
> 525323d0 conn=1005 op=2 UNBIND
> 525323d0 conn=1005 fd=10 closed
>
> second, explicit keytable:
> 52532406 conn=1007 fd=10 ACCEPT from IP=127.0.0.1:7244 (IP=127.0.0.1:389)
> 52532406 conn=1007 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" method=128
> 52532406 conn=1007 op=0 BIND dn="cn=opendkim,ou=services,dc=ldap" mech=SIMPLE ssf=0
> 52532406 conn=1007 op=0 RESULT tag=97 err=0 text=
> 52532406 conn=1007 op=1 SRCH base="dc=ldap" scope=2 deref=0 filter="(DKIMSelector=*)"
> 52532406 conn=1007 op=1 SRCH attr=DKIMDomain DKIMSelector DKIMKey
> 52532406 conn=1007 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> 52532406 conn=1007 op=2 UNBIND
> 52532406 conn=1007 fd=10 closed
Looks like in one case the "*" is escaped, and in the other it isn't.
I'm not an LDAP expert, so which one is right?
-MSK
Received on Mon Oct 07 2013 - 21:41:40 PST
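
Added example (not part of the original message and not OpenDKIM's code): in the RFC 4515 filter syntax a value consisting of a bare "*" is a presence test, while "\2A" is an equality match on a literal asterisk, which is consistent with nentries=0 and nentries=1 in the two server logs above. The C sketch below escapes a value for use in a filter and classifies a filter value; the names filter_escape and classify_value are hypothetical.

```c
/* Added example; names are hypothetical, not taken from OpenDKIM. */
#include <ctype.h>
#include <stddef.h>

enum match_kind { MATCH_INVALID, MATCH_PRESENCE, MATCH_SUBSTRING, MATCH_EQUALITY };

/* Escape len bytes of `in` as an RFC 4515 assertion value: '*', '(', ')', '\'
 * and NUL become a backslash plus two hex digits. Returns length or -1. */
int filter_escape(const char *in, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        int esc = (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0);
        if (o + (esc ? 3 : 1) >= outsz)   /* keep room for the final NUL */
            return -1;
        if (esc) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        } else {
            out[o++] = (char)c;
        }
    }
    if (o >= outsz) return -1;            /* empty input, zero-size buffer */
    out[o] = '\0';
    return (int)o;
}

/* Classify the value of a simple "(attr=value)" filter the way a server
 * reads it: only an unescaped '*' acts as a wildcard. */
enum match_kind classify_value(const char *v)
{
    int stars = 0;
    for (const char *p = v; *p; p++) {
        if (*p == '\\') {
            if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
                return MATCH_INVALID;
            p += 2;                       /* skip the two hex digits */
        } else if (*p == '(' || *p == ')') {
            return MATCH_INVALID;
        } else if (*p == '*') {
            stars++;
        }
    }
    if (stars == 0) return MATCH_EQUALITY;
    return (v[0] == '*' && v[1] == '\0') ? MATCH_PRESENCE : MATCH_SUBSTRING;
}
```

A caller that builds a filter from user-supplied data would pass that data through filter_escape; a wildcard that is meant to be a wildcard, as in the opendkim-genzone argument above, has to reach the server unescaped.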