Yes, I described the log message from openldap because DSPAM doesn't
produce one.  It simply comes back with "no mapping found" as seen below.


ExtLookup  on
ExtLookupMode strict
ExtLookupDriver ldap
ExtLookupServer localhost
ExtLookupPort 636
ExtLookupDB "ou=people,dc=home,dc=lan"
ExtLookupQuery "(&(objectClass=posixAccount)(uid=%u))"
ExtLookupLDAPAttribute "uid"
ExtLookupLDAPScope sub
ExtLookupLDAPVersion 3
ExtLookupLogin "cn=dspamadm,ou=administrators,dc=home,dc=lan"
ExtLookupPassword "myPassword"
ExtLookupCryptox tls

log files:

==> /var/log/debug <==
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 ACCEPT from IP= (IP=

==> /var/log/syslog <==
Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 closed (TLS
negotiation failure)
Dec 13 11:53:30 myserver dspam[1977]: External Lookup: Backend
initialization failure: Can't contact LDAP server

command line:

root@myserver:/etc/dspam# ldapsearch -b 'ou=people,dc=home,dc=lan' -x -H
ldaps://localhost -W -D "cn= dspamadm,ou=administrators,dc=home,dc=lan"
 "(&(objectClass=posixAccount)(uid=jason))" uid
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <ou=people,dc=home,dc=lan> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=jason))
# requesting: uid

# jason, people, home.lan
dn: uid=jason,ou=people,dc=home,dc=lan
uid: jason

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


On Wed, Jan 23, 2013 at 4:21 PM, Thomas Preud'homme <>wrote:

> Le mardi 22 janvier 2013 22:19:30, vous avez écrit :
> > Package: dspam
> > Version: 3.10.2+dfsg-5
> >
> > I am trying to use the LDAP external user verification mechanism for
> > DSPAM but the connection fails with a "negotiation failure".  I am
> > able to use the same DM and password via the command line LDAP tools,
> > but DSPAM itself will not connect.  I have the certificate information
> > in the system wide ldap.conf file so DSPAM should be able to see it.
> >
> >
> > I am using the latest Debian stable and DSPAM via the backports
> repository.
> The "TLS negotiation failure" message comes from openldap, not dspam. Could
> you attach the relevant configuration file (extlookup.conf) and the
> command line
> you used outside dspam.
> Best regards,
> Thomas Preud'homme

Reply via email to