Hardy, exim4, SMTP-AUTH and LDAP… (or debian openssl causes pain)

As most people will know yesterday caused a lot of people a lot of pain as they ran around replacing SSH keys and SSL certificates.

While running around fixing up all our servers, most of them in one felll swoop thanks to puppet, I realised two of our servers were still running Edgy. I figured it was high time I moved them to Hardy.

Everything went fairly smoothly with some minor hicups, except for SMTP-AUTH for exim. We use an ldap backed SMTP-AUTH and this just wouldn’t work after the upgrade. The following error was appearing in the logs.

ldap_search failed: -7, Bad search filter	

This lead to hours upon hours of google searches, staring at debug messages and even at one stage resorting to using GDB. Eventually after staring at debug messages harder it twigged when I saw the following.

perform_ldap_search: ldapdn URL = "ldap:///ou=people,o=vquence?dn?sub?(uid=moo) "

Notice the space just before the closing double quote. It seems that the new openldap libraries don’t like errant spaces in your search filter.

Now to remember what I was doing yesterday morning before this whole derailment began.

Note: Before anyone comments I will completely deny that during these upgrades I did anything as silly as rm -rf `dpkg -L random-font-package`, no matter what twitter says.