trusteddomainproject / OpenDKIM

ldapi:// not working #167

Open andreasschulze opened 1 year ago

andreasschulze commented 1 year ago

I tried to set up OpenDKIM to use ldapi URIs in KeyTable and SigningTable. This does not work here.

What's working in opendkim.conf:

KeyTable     ldap://ldapserver.example/dc=example?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
SigningTable ldap://ldapserver.example/dc=example?DKIMSelector?sub?(DKIMIdentity=$d)

But OpenDKIM fails if I configure:

KeyTable     ldapi://%2Fpath%2Fto%2Fldapi/dc=example?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
SigningTable ldapi://%2Fpath%2Fto%2Fldapi/dc=example?DKIMSelector?sub?(DKIMIdentity=$d)

I verified the socket is present using ldapsearch:

ldapsearch -x -H ldapi://%2Fpath%2Fto%2Fldapi -b dc=example

Using strace I found OpenDKIM still tries to access /usr/local/var/run/ldapi which is a default location of OpenLDAP.

If I place a symlink from /usr/local/var/run/ldapi pointing to /path/to/ldapi, the existing socket, everything works as expected.
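
As an added example (not part of the original issue and not OpenDKIM code), this Python check decodes the socket path that each ldapi:// dataset URI in an opendkim.conf names and reports whether a UNIX socket exists there, for comparison with the path seen in strace. The function names and the sample configuration text are constructed for illustration; the parsing follows the OpenLDAP ldapi convention of a percent-encoded path in the host position and is an assumption about, not a copy of, OpenDKIM's own parser.

```python
import os
import stat
from urllib.parse import unquote

# Constructed sample, modelled on the settings quoted in the issue.
SAMPLE_CONF = """\
# opendkim.conf (constructed sample)
KeyTable     ldapi://%2Fpath%2Fto%2Fldapi/dc=example?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
SigningTable ldapi://%2Fpath%2Fto%2Fldapi/dc=example?DKIMSelector?sub?(DKIMIdentity=$d)
"""

def ldapi_socket_path(uri):
    """Return the socket path encoded in an ldapi:// URI, or None if it is empty."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme.lower() != "ldapi":
        raise ValueError("not an ldapi URI: %r" % uri)
    # The host position ends at the first literal '/' or '?'; slashes that
    # belong to the socket path must be percent-encoded as %2F.
    host = rest.split("/", 1)[0].split("?", 1)[0]
    return unquote(host) or None

def dataset_uris(conf_text, settings=("KeyTable", "SigningTable")):
    """Yield (setting, uri) for every ldapi dataset in the configuration text."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in settings:
            value = parts[1].strip()
            if value.lower().startswith("ldapi://"):
                yield parts[0], value

def check_conf(conf_text):
    """Return (setting, decoded_path, status) for each ldapi dataset."""
    findings = []
    for setting, uri in dataset_uris(conf_text):
        path = ldapi_socket_path(uri)
        if path is None:
            status = "empty"          # libldap falls back to its built-in default
        elif not os.path.exists(path):
            status = "missing"
        elif not stat.S_ISSOCK(os.stat(path).st_mode):
            status = "not-a-socket"
        else:
            status = "socket"
        findings.append((setting, path, status))
    return findings

if __name__ == "__main__":
    for setting, path, status in check_conf(SAMPLE_CONF):
        print("%-12s %s -> %s" % (setting, path, status))
```

If the decoded path reports `socket` while strace still shows a connect to a different path, the configuration is correct and the URI is being altered before it reaches libldap.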

quanah commented 1 year ago

Is this a typo?

KeyTable     ldap://%2Fpath%2Fto%2Fldapi/dc=example?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
SigningTable ldap://%2Fpath%2Fto%2Fldapi/dc=example?DKIMSelector?sub?(DKIMIdentity=$d)

I would expect:

KeyTable     ldapi://%2Fpath%2Fto%2Fldapi/dc=example?DKIMDomain,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
SigningTable ldapi://%2Fpath%2Fto%2Fldapi/dc=example?DKIMSelector?sub?(DKIMIdentity=$d)

andreasschulze commented 1 year ago

Yep, copy & paste error, now corrected ...

quanah commented 1 year ago

Ok. Well, I know it was working when I played with it years ago. As long as the ldapi URI is passed correctly to libldap, the default socket path shouldn't matter. Do you know what version of OpenLDAP the libldap you're using comes from?

andreasschulze commented 1 year ago

It's openldap-2.6.3