postfix (2.11.0-1) does not do LDAP table lookup since libp11-kit0 (0.20.2-2ubuntu2)

Bug #1393923 reported by ITec on 2014-11-18
This bug affects 2 people
Affects (importance, assigned to):
gnutls26 (Ubuntu): Undecided, Unassigned
openldap (Ubuntu): Undecided, Unassigned
p11-kit (Ubuntu): Undecided, Unassigned
postfix (Ubuntu): Undecided, Unassigned

Bug Description

Versions:

Ubuntu 14.04.1 LTS
postfix:amd64 2.11.0-1
postfix-ldap:amd64 2.11.0-1
libldap-2.4-2:amd64 2.4.31-1+nmu2ubuntu8
libgnutls26:amd64 2.12.23-12ubuntu2.1

libp11-kit0:amd64 0.18.3-2ubuntu1 (works)
libp11-kit0:amd64 0.20.2-2ubuntu2 (does not work)

Problem:

When receiving email, postfix does not do LDAP lookup for transport tables any more.

With libp11-kit0 0.18.3-2ubuntu1 everything works fine. At a certain point postfix starts LDAP lookup and continues until it finds the needed LDAP item.

snippet from /var/log/mail.log:

...
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: In dict_ldap_lookup
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-mda.cf, reopening
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Connecting to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Actual Protocol version used is 3.
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Binding to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int with dn uid=mta,ou=computers,dc=itec,dc=int
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Successful bind to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int with dn uid=mta,ou=computers,dc=itec,dc=int
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap-mda.cf
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: /etc/postfix/ldap-mda.cf: Searching with filter (&(objectClass=inetLocalMailRecipient)(&(mailRoutingAddress=\2A)(mailHost=mta.itec.int)))
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_get_values[1]: Search found 0 match(es)
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: Search returned nothing
...

With libp11-kit0 0.20.2-2ubuntu2 postfix does not start LDAP lookup. Instead it gets killed by signal.

snippet from /var/log/mail.log:

...
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_lookup: In dict_ldap_lookup
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-mda.cf, reopening
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Connecting to server ldaps://db.itec.int ldaps://db1.itec.int ldaps://db2.itec.int
Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Actual Protocol version used is 3.
Nov 18 19:07:11 mta postfix/master[11997]: warning: process /usr/lib/postfix/trivial-rewrite pid 12032 killed by signal 11
Nov 18 19:07:11 mta postfix/master[11997]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Nov 18 19:07:42 mta postfix/pickup[12000]: trigger_server_accept_local: trigger arrived
Nov 18 19:07:42 mta postfix/pickup[12000]: master_notify: status 0
Nov 18 19:07:42 mta postfix/pickup[12000]: master_notify: status 1
...

--> I am not able to upgrade to the current (trusty) version of libp11-kit0. Instead I have to run an outdated (saucy) version of libp11-kit0.

What can I do to get the current version running?
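
The correlation the two log snippets above invite (which daemon pid was killed, and which dict_ldap_* step it had last logged) can be automated. This is an added example, not part of the original report or of Postfix; the function name find_ldap_crashes and the record fields are assumptions, and it only works when the verbose dict_ldap trace lines seen in the report are being logged.

```python
import re

# "... postfix/<daemon>[<pid>]: <message>"
LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)")
# master warning logged when a child daemon dies on a signal
KILLED_RE = re.compile(
    r"warning: process (?P<path>\S+) pid (?P<pid>\d+) killed by signal (?P<sig>\d+)")
# LDAP dictionary trace line, e.g. "dict_ldap_connect: Connecting to server ..."
LDAP_RE = re.compile(r"(?P<func>dict_ldap_\w+)(?:\[\d+\])?: (?P<detail>.*)")


def find_ldap_crashes(lines):
    """Report daemons killed by a signal whose last trace was in dict_ldap_*."""
    last_ldap = {}  # pid -> (function, detail) of the latest dict_ldap_* line
    crashes = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ldap = LDAP_RE.match(m.group("msg"))
        if ldap:
            last_ldap[m.group("pid")] = (ldap.group("func"), ldap.group("detail"))
            continue
        killed = KILLED_RE.match(m.group("msg")) if m.group("daemon") == "master" else None
        if killed and killed.group("pid") in last_ldap:
            func, detail = last_ldap.pop(killed.group("pid"))
            crashes.append({
                "process": killed.group("path"),
                "pid": int(killed.group("pid")),
                "signal": int(killed.group("sig")),
                "last_ldap_step": func,
                "detail": detail,
            })
    return crashes


# Six lines copied unchanged from the two mail.log snippets in the report.
SAMPLE = [
    "Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_connect: Actual Protocol version used is 3.",
    "Nov 18 17:27:47 mta postfix/trivial-rewrite[8879]: dict_ldap_lookup: Search returned nothing",
    "Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_lookup: In dict_ldap_lookup",
    "Nov 18 19:07:11 mta postfix/trivial-rewrite[12032]: dict_ldap_connect: Actual Protocol version used is 3.",
    "Nov 18 19:07:11 mta postfix/master[11997]: warning: process /usr/lib/postfix/trivial-rewrite pid 12032 killed by signal 11",
    "Nov 18 19:07:11 mta postfix/master[11997]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling",
]

if __name__ == "__main__":
    for crash in find_ldap_crashes(SAMPLE):
        print(crash)
```

Pids that exit cleanly stay in the lookup table, so on long logs a reused pid can be misattributed; run it over one master lifetime at a time.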

Scott Kitterman (kitterman) wrote :

Reading the upstream bug associated with #1381743, I wonder if it might be related?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnutls26 (Ubuntu):
status: New → Confirmed
Changed in openldap (Ubuntu):
status: New → Confirmed
Changed in p11-kit (Ubuntu):
status: New → Confirmed
Changed in postfix (Ubuntu):
status: New → Confirmed

Andreas Ntaflos (daff) wrote :

Over a year later this problem still exists. It is impossible to run a Postfix server that does (SSL/TLS secured) LDAP lookups on Ubuntu 14.04.3.

I wonder how this is not affecting more people?
