Hi Simon and all the perdition community,
thank you very much for your answer.
The SSL problem has been solved (I was using a telnet client that I only
thought was supporting the SSL protocol...), but the biggest problem is that
perdition can't communicate with the LDAP server.
I don't think the problem is the string I give to perdition (it is the
string provided as an example in the perdition documentation).
So I can post the problem that I can see in the log file:
-dbserver_get2: ldap_bind_s: Protocol error
I can't understand how and where I'm wrong.
The query string passed to perdition via the -m attribute is:
ldap://localhost:389/ou=mailbox,dc=example,dc=com?username,mailhost,port?one?(uid=%25s)
while my LDAP tree is:
dc=example,dc=com
  +ou=mailbox
    +uid=rmilo
      (objectClass=top, objectClass=uidObject, objectClass=perditionPopmap,
       username=rmilo(a)my_domain.com, mailhost=pop.my_domain.com, port=995,
       uid=rmilo(a)my_domain.com).
Thank you again for your help.
Riccardo
2010/11/25 Simon Horman <horms(a)verge.net.au>
Hi Riccardo,
On Thu, Nov 25, 2010 at 04:46:47PM +0000, riccardo.milo(a)gmail.com wrote:
Hi all,
I'm new to the perdition world, and I am obviously having problems with
configuration.
I'm trying to configure authentication on LDAP; I read that
perdition can do what I need. But the problem is here: how can I set
up a connection to the LDAP server?
I've tried with the perdition.conf file, setting up the -M and -m
parameters, but it seems that the library is not linked.
I compiled perdition with PAM, SSL and LDAP support before
installing it on my Ubuntu 10.10 machine, but this is still not
working...
Can you give me some hints?
I attach to the message the log that the console gives me back; note that
I have problems when I activate the authentication_in parameter,
because without it perdition works like a perfect proxy without giving
me back errors.
Using authentication_in shouldn't be necessary unless
you want perdition to authenticate usernames and passwords.
Here's the log:
Nov 25 16:59:27 riccardopb perdition[11355]: version=1.18,
add_domain="", authenticate_in=on, authenticate_timeout=1800,
bind_address="", capability="UIDL USER",
client_server_specification=off,
config_file="/usr/local/etc/perdition/perdition.pop3.conf",
connection_limit=0, connection_logging=on, connect_relog=300,
debug=on, domain_delimiter="@", explicit_domain="",
group="riccardo", inetd_mode=off, listen_port="3000",
log_facility="mail", log_passwd="never", login_disabled=off,
lower_case="", map_library="/usr/local/lib/libperditiondb_ldap.so",
map_library_opt="ldap://127.0.0.1:389/ou=mailbox,dc=example,dc=com?username,mailhost,port?one?(uid=%25s)",
no_bind_banner=off, no_daemon=off,
no_lookup=off,
nodename="riccardopb", ok_line="A lei",
outgoing_port="995",
outgoing_server="pop.gmail.com",
pid_file="/home/riccardo/Scrivania/perdition.pop3.pid",
protocol="POP3", server_resp_line=off, strip_domain="",
timeout=1800, username="riccardo", username_from_database=off,
query_key="", quiet=off, ssl_mode="ssl_all",
ssl_ca_file="",
ssl_ca_path="/usr/local/etc/perdition/perdition.ca/",
ssl_ca_accept_self_signed="on",
ssl_cert_file="/usr/local/etc/perdition/perdition.crt.pem",
ssl_cert_accept_expired="on", ssl_cert_not_yet_valid="on",
ssl_cert_self_signed="on", ssl_cert_verify_depth=9,
ssl_key_file="/usr/local/etc/perdition/perdition.key.pem",
ssl_listen_ciphers="", ssl_outgoing_ciphers="",
ssl_no_cert_verify="on", ssl_no_cn_verify="on",
(ssl_mask=0x00000000) (mask=0x00060000 00000000)#012
Nov 25 16:59:41 riccardopb perdition[11360]: Connect:
127.0.0.1->127.0.0.1
Nov 25 16:59:54 riccardopb perdition[11360]:
__perdition_ssl_connection: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
This seems to indicate that the client has connected using plain-text
instead of using SSLv3 or TLSv1.
You should be able to get the same result by telnetting to port 995
on the server running perdition and entering a line of text (any text)
into telnet.
To test SSL I find that the openssl s_client can be useful.
e.g.
openssl s_client -connect localhost:995 -msg
Nov 25 16:59:54 riccardopb perdition[11360]:
__perdition_ssl_connection: SSL_accept
Nov 25 16:59:54 riccardopb perdition[11360]:
__perdition_ssl_connection: no shared ciphers?
Nov 25 16:59:54 riccardopb perdition[11360]:
perdition_ssl_server_connection: perdition_ssl_connection
Nov 25 16:59:54 riccardopb perdition[11360]: main:
perdition_ssl_server_connection SSL
Nov 25 16:59:54 riccardopb perdition[11360]: Fatal error
establishing SSL connection to client
Thank you very much for your attention and help.
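As an added example (not from this thread and not perdition's own code): a small Python parser for the LDAP map URL format used in the -m / map_library_opt string above, showing how the %25s in the quoted URL decodes to the %s placeholder that becomes the per-user search filter, plus RFC 4515 escaping of the substituted username so it cannot alter the filter's structure. The helper names are mine, and whether perdition itself escapes the username is not established by the thread.

```python
from urllib.parse import urlsplit, unquote

# Constructed input: the map URL quoted in the thread (hostname form).
MAP_URL = ("ldap://localhost:389/ou=mailbox,dc=example,dc=com"
           "?username,mailhost,port?one?(uid=%25s)")


def parse_ldap_url(url):
    """Split an RFC 4516 URL, ldap://host:port/dn?attrs?scope?filter,
    into its parts. Every part is percent-decoded, which is why the
    thread's %25s turns into the literal %s placeholder."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    dn = unquote(parts.path.lstrip("/"))
    # attrs?scope?filter live in what urlsplit calls the query string
    fields = parts.query.split("?", 2) + ["", "", ""]
    attrs, scope, filt = (unquote(f) for f in fields[:3])
    return {
        "host": parts.hostname or "localhost",
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": dn,
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope or "base",          # RFC 4516 default scope
        "filter": filt or "(objectClass=*)",
    }


def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a search filter, so a
    username like 'x)(uid=*' cannot change the filter's structure.
    (Hypothetical hardening step; not a claim about what perdition does.)"""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c
                   for c in value)


def build_filter(template, username):
    """Replace the %s placeholder recovered from the URL with the
    escaped username, giving the filter sent for one login."""
    if "%s" not in template:
        raise ValueError("no %%s placeholder in filter %r" % (template,))
    return template.replace("%s", escape_filter_value(username))


if __name__ == "__main__":
    spec = parse_ldap_url(MAP_URL)
    print(spec)
    print(build_filter(spec["filter"], "rmilo"))
```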