<div dir="ltr">Yes, I described the log message from openldap because DSPAM doesn't produce one. It simply comes back with "no mapping found" as seen below.<div><br></div><div style>extlookup.conf:</div><div style>
<br></div><div style><div>ExtLookup<span style="white-space:pre"> </span>on</div><div>ExtLookupMode<span style="white-space:pre"> </span>strict</div><div>ExtLookupDriver<span style="white-space:pre"> </span>ldap</div>
<div>ExtLookupServer<span style="white-space:pre"> </span>localhost</div><div>ExtLookupPort<span style="white-space:pre"> </span>636</div><div>ExtLookupDB<span style="white-space:pre"> </span>"ou=people,dc=home,dc=lan"</div>
<div>ExtLookupQuery<span style="white-space:pre"> </span>"(&(objectClass=posixAccount)(uid=%u))"</div><div>ExtLookupLDAPAttribute<span style="white-space:pre"> </span>"uid"</div>
<div>ExtLookupLDAPScope<span style="white-space:pre"> </span>sub</div><div>ExtLookupLDAPVersion<span style="white-space:pre"> </span>3</div><div>ExtLookupLogin<span style="white-space:pre"> </span>"cn=dspamadm,ou=administrators,dc=home,dc=lan"</div>
<div>ExtLookupPassword<span style="white-space:pre"> </span>"myPassword"</div><div>ExtLookupCryptox<span style="white-space:pre"> </span>tls</div><div><br></div><div style>log files:</div>
<div style><br></div><div style><div>==> /var/log/debug <==</div><div>Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 ACCEPT from IP=<a href="http://127.0.0.1:56251">127.0.0.1:56251</a> (IP=<a href="http://0.0.0.0:636">0.0.0.0:636</a>)</div>
<div><br></div><div>==> /var/log/syslog <==</div><div>Dec 13 11:53:30 myserver slapd[2030]: conn=1000 fd=11 closed (TLS negotiation failure)</div><div>Dec 13 11:53:30 myserver dspam[1977]: External Lookup: Backend initialization failure: Can't contact LDAP server</div>
<div><br></div><div style>command line:</div><div style><br></div><div style><div>root@myserver:/etc/dspam# ldapsearch -b 'ou=people,dc=home,dc=lan' -x -H ldaps://localhost -W -D "cn= dspamadm,ou=administrators,dc=home,dc=lan" "(&(objectClass=posixAccount)(uid=jason))" uid</div>
<div>Enter LDAP Password:</div><div># extended LDIF</div><div>#</div><div># LDAPv3</div><div># base <ou=people,dc=home,dc=lan> with scope subtree</div><div># filter: (&(objectClass=posixAccount)(uid=jason))</div>
<div># requesting: uid </div><div>#</div><div><br></div><div># jason, people, home.lan</div><div>dn: uid=jason,ou=people,dc=home,dc=lan</div><div>uid: jason</div><div><br></div><div># search result</div><div>search: 2</div>
<div>result: 0 Success</div><div><br></div><div># numResponses: 2</div><div># numEntries: 1</div><div><br></div><div><br></div><div style>Thanks</div><div style>Jason</div></div></div></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Jan 23, 2013 at 4:21 PM, Thomas Preud'homme <span dir="ltr"><<a href="mailto:robotux@debian.org" target="_blank">robotux@debian.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Le mardi 22 janvier 2013 22:19:30, vous avez écrit :<br>
> Package: dspam<br>
> Version: 3.10.2+dfsg-5<br>
><br>
> I am trying to use the LDAP external user verification mechanism for<br>
> DSPAM but the connection fails with a "negotiation failure". I am<br>
> able to use the same DM and password via the command line LDAP tools,<br>
> but DSPAM itself will not connect. I have the certificate information<br>
> in the system wide ldap.conf file so DSPAM should be able to see it.<br>
><br>
><br>
> I am using the latest Debian stable and DSPAM via the backports repository.<br>
<br>
The "TLS negotiation failure" message comes from openldap, not dspam. Could<br>
you attach the relevant configuration file (extlookup.conf) and the command line<br>
you used outside dspam.<br>
<br>
Best regards,<br>
<br>
Thomas Preud'homme<br>
</blockquote></div><br></div>