LDAP problems

From: Christian Rößner <c_at_roessner-network-solutions.com>
Date: Wed, 28 Mar 2012 09:54:55 +0200

Hi,

I tried to use LDAP with SASL/EXTERNAL to connect to my LDAP servers. Unfortunately I only get segmentation faults, and I don't know exactly how this has to be configured.

This is my configuration:

# file: /etc/opendkim-sign.conf
# Signing-side opendkim configuration: listens on a local IPv6 socket,
# takes signing tables and keys from LDAP, authenticating to the
# directory with SASL/EXTERNAL over TLS instead of a bind DN/password.

Syslog yes
SyslogSuccess yes

Socket inet6:8892_at_[::1]
Background no

Canonicalization relaxed/simple

SendReports yes

MacroList csl:daemon_name-SUBMISSION
Mode s

# NOTE(review): 88.198.80.229 is listed twice; harmless, but one entry can go.
InternalHosts csl:127.0.0.1,88.198.80.229,88.198.80.229,::1,2a01:4f8:131:1081:88:198:80:229
RemoveOldSignatures yes

# I do not want to bind like this
# (keeping a plain-text bind password out of this file is the safer choice;
#  if it is ever enabled, make sure the file is readable only by the opendkim user)
# LDAPBindUser cn=mail,ou=people,ou=it,dc=roessner-net,dc=de
# LDAPBindPassword ******************

# I prefer SASL/EXTERNAL
# NOTE(review): with EXTERNAL the identity presumably comes from the TLS
# client certificate set up in ~/.ldaprc (TLS_CERT/TLS_KEY) — confirm that
# the directory server maps that certificate to an authorized DN.
LDAPAuthMechanism EXTERNAL
LDAPUseTLS yes

# 1. Retrieve keyname(s) for a given mail address
SigningTable ldap://ldap0.roessner-net.de/ou=DKIM,ou=people,ou=it,dc=roessner-net,dc=de?rnsMSDKIMKeyName?sub?(rnsMSDKIMDomain=$d) ldap://db.roessner-net.de/
MultipleSignatures yes

# 2. Retrieve the first set of attributes found for the keyname gotten above
KeyTable ldap://ldap0.roessner-net.de/ou=DKIM,ou=people,ou=it,dc=roessner-net,dc=de?rnsMSDKIMDomain,rnsMSDKIMKeyName,rnsMSDKIMKey?sub?(rnsMSDKIMKeyName=$d) ldap://db.roessner-net.de/

TemporaryDirectory /var/lib/opendkim/tmp

UserID opendkim:opendkim


I have also put a .ldaprc file under /var/lib/opendkim, which is the home directory of the opendkim user, with the following content:

# ~/.ldaprc for the opendkim user: default base/URIs plus the TLS
# client certificate that SASL/EXTERNAL authenticates with.
BASE ou=people,ou=it,dc=roessner-net,dc=de
URI ldap://ldap0.roessner-net.de ldap://db.roessner-net.de

TLS_CACERT /ca/cacert_org.crt
# Client certificate and private key presented to the directory server;
# the key file should be readable only by the opendkim user.
TLS_CERT /ca/mx0.roessner-net.de/newcert.pem
TLS_KEY /ca/mx0.roessner-net.de/newkey.pem
# NOTE(review): "allow" accepts a server certificate that fails
# verification (or no certificate at all). Since a client credential is
# sent over this connection, "demand" (the default) is the safer setting
# once the CA chain in TLS_CACERT is known to validate the servers.
TLS_REQCERT allow


Trying to start opendkim like this results in a segmentation fault. When I start the service under strace -o, I can see that it scans the directory /usr/lib/sasl2 before crashing:

...
open("/usr/lib/sasl2/libcrammd5.la", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=976, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7721000
read(5, "# libcrammd5.la - a libtool libr"..., 4096) = 976
close(5) = 0
munmap(0xb7721000, 4096) = 0
open("/usr/lib/sasl2/libcrammd5.so.2", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\f\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=17764, ...}) = 0
mmap2(NULL, 20640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x38c000
mmap2(0x390000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x3) = 0x390000
close(5) = 0
mprotect(0x390000, 4096, PROT_READ) = 0
open("/usr/lib/sasl2/libplain.la", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=970, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7721000
read(5, "# libplain.la - a libtool librar"..., 4096) = 970
close(5) = 0
munmap(0xb7721000, 4096) = 0
open("/usr/lib/sasl2/libplain.so.2", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0_at_\f\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=17760, ...}) = 0
mmap2(NULL, 16544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x4a9000
mmap2(0x4ac000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x3) = 0x4ac000
close(5) = 0
mprotect(0x4ac000, 4096, PROT_READ) = 0
open("/usr/lib/sasl2/libcrammd5.la", O_RDONLY) = 5
close(5) = 0
open("/usr/lib/sasl2/liblogin.la", O_RDONLY) = 5
close(5) = 0
open("/usr/lib/sasl2/libanonymous.la", O_RDONLY) = 5
close(5) = 0
getdents(4, /* 0 entries */, 32768) = 0
close(4) = 0
uname({sys="Linux", node="mx0", ...}) = 0
--- SIGSEGV (Segmentation fault) _at_ 0 (0) ---
+++ killed by SIGSEGV +++


I do not understand the configuration parameters from the man page. Maybe I have done something wrong?

I use OpenDKIM-2.5.0.1 here. Compiled from source with:

# Build options used for this OpenDKIM build, collected in an array so the
# exact invocation can be logged or re-run without re-typing the
# line continuations. Same option set as the original command line.
configure_opts=(
  --sysconfdir=/etc/opendkim
  --localstatedir=/var
  --with-openssl
  --with-milter
  --with-unbound
  --with-tre
  --with-lua
  --with-openldap
  --with-sasl
  --enable-adsp_lists
  --enable-dkim_reputation
  --enable-diffheaders
  --enable-oversign
  --enable-rate_limit
  --enable-replace_rules
  --enable-redirect
  --enable-resign
  --enable-stats
  --enable-statsext
  --enable-rbl
  --enable-vbr
  --enable-xtags
  --enable-parsetime
)
./configure "${configure_opts[@]}"


Thanks in advance

-Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com



Received on Wed Mar 28 2012 - 07:55:08 PST
