postfix (2.11.0-1) does not do LDAP table lookup since libp11-kit0 (0.20.2-2ubuntu2)

Bug #1393923 reported by ITec
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| gnutls26 (Ubuntu) | Confirmed | Undecided | Unassigned | |
| openldap (Ubuntu) | Confirmed | Undecided | Unassigned | |
| p11-kit (Ubuntu) | Confirmed | Undecided | Unassigned | |
| postfix (Ubuntu) | Confirmed | Undecided | Unassigned | |

Bug Description

Versions:

Ubuntu 14.04.1 LTS
postfix:amd64 2.11.0-1
postfix-ldap:amd64 2.11.0-1
libldap-2.4-2:amd64 2.4.31-1+nmu2ubuntu8
libgnutls26:amd64 2.12.23-12ubuntu2.1

libp11-kit0:amd64 0.18.3-2ubuntu1 (works)
libp11-kit0:amd64 0.20.2-2ubuntu2 (does not work)

Problem:

When receiving email, postfix does not do LDAP lookup for transport tables any more.

With libp11-kit0 0.18.3-2ubuntu1 everything works fine. At a certain point postfix starts LDAP lookup and continues until it finds the needed LDAP item.

snippet from /var/log/mail.log:

...
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: In dict_ldap_lookup
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-mda.cf, reopening
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Connecting to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Actual Protocol version used is 3.
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Binding to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int with dn uid=mta,ou=computers,dc=itec,dc=int
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Successful bind to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int with dn uid=mta,ou=computers,dc=itec,dc=int
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap-mda.cf
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: /etc/postfix/ldap-mda.cf: Searching with filter (&(objectClass=inetLocalMailRecipient)(&(mailRoutingAddress=\2A)(mailHost=mta.itec.int)))
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_get_values[1]: Search found 0 match(es)
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: Search returned nothing
...

With libp11-kit0 0.20.2-2ubuntu2 postfix does not start LDAP lookup. Instead it gets killed by signal.

snippet from /var/log/mail.log:

...
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_lookup: In dict_ldap_lookup
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-mda.cf, reopening
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Connecting to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Actual Protocol version used is 3.
Nov 18 19:07:11 mta postfix/master[11997]: warning: process /usr/lib/postfix/trivial-rewrite pid 12032 killed by signal 11
Nov 18 19:07:11 mta postfix/master[11997]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Nov 18 19:07:42 mta postfix/pickup[12000]: trigger_server_accept_local: trigger arrived
Nov 18 19:07:42 mta postfix/pickup[12000]: master_notify: status 0
Nov 18 19:07:42 mta postfix/pickup[12000]: master_notify: status 1
...

--> I am not able to upgrade to the current (trusty) version of libp11-kit0. Instead I have to run an outdated (saucy) version of libp11-kit0.

What can I do to get the current version running?
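
The failure pattern in the second log excerpt can be triaged automatically. The following is an added example, not part of the original report or of Postfix: it pairs each `killed by signal` warning from `postfix/master` with the last line the dead process logged, which shows how far the LDAP connection got. The sample log is constructed after the excerpts above (host names are placeholders), and the names `find_crashes` and `died_before_bind` are hypothetical.

```python
import re

# Constructed sample, modelled on the mail.log excerpts in the report above.
SAMPLE_LOG = """\
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_lookup: In dict_ldap_lookup
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Connecting to server ldaps://db.example.int
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Actual Protocol version used is 3.
Nov 18 19:07:11 mta postfix/master[11997]: warning: process /usr/lib/postfix/trivial-rewrite pid 12032 killed by signal 11
Nov 18 19:07:11 mta postfix/master[11997]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Nov 18 19:08:02 mta postfix/trivial-rewrite[12040]: dict_ldap_connect: Successful bind to server ldaps://db.example.int with dn uid=mta,ou=computers,dc=example,dc=int
Nov 18 19:08:02 mta postfix/trivial-rewrite[12040]: dict_ldap_lookup: Search returned nothing
"""

# Syslog line: timestamp, host, postfix/<daemon>[pid]: message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/([\w-]+)\[(\d+)\]: (.*)$")
# Warning that postfix/master logs when a child process dies on a signal
KILLED = re.compile(r"warning: process (\S+) pid (\d+) killed by signal (\d+)")

def find_crashes(log_text):
    """Return one dict per 'killed by signal' warning, with the dead pid's last message."""
    last_msg = {}   # pid -> most recent message logged by that process
    crashes = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, daemon, pid, msg = m.groups()
        k = KILLED.search(msg) if daemon == "master" else None
        if k:
            path, dead_pid, sig = k.groups()
            last = last_msg.pop(dead_pid, None)
            crashes.append({
                "time": ts, "program": path, "pid": int(dead_pid), "signal": int(sig),
                "last_message": last,
                # True when the process was in dict_ldap_connect and never logged a bind step
                "died_before_bind": bool(last and last.startswith("dict_ldap_connect:")
                                         and "bind" not in last.lower()),
            })
        else:
            last_msg[pid] = msg
    return crashes

if __name__ == "__main__":
    for crash in find_crashes(SAMPLE_LOG):
        print(crash)
```

Run against a real `/var/log/mail.log`, a crash flagged `died_before_bind` matches the behaviour reported here: the process stops after the protocol version line and before the `Binding to server` line seen in the working log.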

Scott Kitterman (kitterman) wrote :

Reading the upstream bug associated with #1381743, I wonder if it might be related?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnutls26 (Ubuntu):
status: New → Confirmed
Changed in openldap (Ubuntu):
status: New → Confirmed
Changed in p11-kit (Ubuntu):
status: New → Confirmed
Changed in postfix (Ubuntu):
status: New → Confirmed
Andreas Ntaflos (daff) wrote :

Over a year later this problem still exists. It is impossible to run a Postfix server that does (SSL/TLS secured) LDAP lookups on Ubuntu 14.04.3.

I wonder how this is not affecting more people?
