Freron MailMate

Comments and changes to this ticket

• You flagged this item as spam.
  

  Ján Rusnák June 8th, 2018 @ 11:37 AM

  Hi,

  I have similar problem:

  1. LDAP.plist is created in dir ~/Library/Application Support/MailMate/.
     
  2. Keychain account item is created by adding new LDAP account to OSX Contacts.app:
     In keychain 'Local Items':
     Name: com.apple.account.LDAP.password
     Kind: application password
     Account: cn=read,ou=test,ou=person,dc=domain@ldap.domain
     Where: com.apple.account.LDAP.password

  Then, if I write some to address box in the composer window, no search result appear.
  Here is log item from system console:
  MailMate[1291]/1#-1 LF=0 copy_matching Error Domain=NSOSStatusErrorDomain Code=-25303 "attribute dflt not found in class inet" (errKCNoSuchAttr / errSecNoSuchAttr: / The attribute does not exist.) UserInfo={NSDescription=attribute dflt not found in class inet}

  OpenLDAP log show that MailMate try bind to directory without password:
  slapd[15561]: daemon: activity on 1 descriptor
  slapd[15561]: >>> dnPrettyNormal:
  slapd[15561]: <<< dnPrettyNormal: ,
  slapd[15561]: conn=1024 op=0 BIND dn="cn=read,ou=test,ou=person,dc=domain" method=128
  slapd[15561]: daemon: activity on:
  slapd[15561]: do_bind: version=3 dn="cn=read,ou=test,ou=person,dc=domain" method=128
  slapd[15561]:
  slapd[15561]: send_ldap_result: conn=1024 op=0 p=3
  slapd[15561]: daemon: epoll: listen=9 active_threads=0 tvp=zero
  slapd[15561]: send_ldap_result: err=53 matched="" text="unauthenticated bind (DN with no password) disallowed"

  It looks like that MailMate can't find correct password in keychain??.

  LDAP in OSX Contacts.app is also broken in Sierra and High Sierra OS (long time), all search attempt fail with message in system console:
  Could not get password: Error Domain=SecKeychain Code=-25300 "Password for cn=read,ou=test,ou=person,dc=domain@ldap.domain:0 not found" UserInfo={NSLocalizedDescription=Password for cn=read,ou=test,ou=person,dc=domain@ldap.domain:0 not found} Password for cn=read,ou=test,ou=person,dc=domain@ldap.domain:0 not found

  What is correct format of MailMate LDAP Keychain item, for manually add it to keychain?. This missing in documentation.

  Or where is problem with LDAP contacts search in MailMate.

  Withouout LDAP addressbook search feature, MailMate is unusable in some corporate environment!

• 

  benny June 8th, 2018 @ 12:13 PM

  To be honest, I'm actually not sure anyone has ever successfully used the (somewhat experimental) LDAP support with authentication enabled.

  You can confirm if this is a keychain issue by enabling some debug output:

  defaults write com.freron.MailMate MmDebugLDAP -bool YES
  

  And then launch from a Terminal window to see the output:

  /Applications/MailMate.app/Contents/MacOS/MailMate
  

  (Unfortunately, I do not currently have access to an LDAP server which supports authentication which makes testing a bit hard.)

• You flagged this item as spam.
  

  Norman Gray June 8th, 2018 @ 02:09 PM

  I've tried this, and when I typed 'gray' into the to field of a new mail message, the following showed up (server and DN adjusted):

  LDAP: Connect to 'ldap://my-ldap.example.ac.uk:389'
   Parsed
   Initialized (my-ldap.example.ac.uk:389)
  SecKeychainFindInternetPassword failed with error: -25300
  Warning: Failed to retrieve LDAP password from keychain (cn=foo,ou=OU,o=O@my-ldap.example.ac.uk:389)
   Bind with 'cn=foo,ou=OU,o=O'
  ldap connection failed (ldap://my-ldap.example.ac.uk:389): Inappropriate authentication
  Find matches for 'gra'
  Result:
  Find matches for 'gray'
  Result:
  LDAP: Connect to 'ldap://my-ldap.example.ac.uk:389'
   Parsed
   Initialized (my-ldap.example.ac.uk:389)
  SecKeychainFindInternetPassword failed with error: -25300
  Warning: Failed to retrieve LDAP password from keychain (cn=foo,ou=OU,o=O@my-ldap.example.ac.uk:389)
   Bind with 'cn=foo,ou=OU,o=O'
  ldap connection failed (ldap://my-ldap.example.ac.uk:389): Inappropriate authentication
  

  In Keychain Access (the login keychain) I have an entry with:

  • Account: cn=foo,ou=OU,o=O
  • Where: my-ldap.example.ac.uk

  I've also tried it with Where being my-ldap.example.ac.uk:389 and ldap://my-ldap.example.ac.uk (which might be what Mail.app puts in there).

  It's a separate matter, but the Keychain Access interface is, as usual, almost good but not quite, so that the straightforward 'New Password Item...' does not get things into quite the right-seeming place.

• You flagged this item as spam.
  

  Ján Rusnák June 8th, 2018 @ 02:10 PM

  defaults write com.freron.MailMate MmDebugLDAP -bool YES  
  /Applications/MailMate.app/Contents/MacOS/MailMate
  
  Here is my log from terminal:  
  Warning: Decoding empty text body for id 936  
  Warning: Decoding empty text body for id 936  
  Find matches for 'jr'  
  Result:  
  LDAP: Connect to 'ldap://ldap.domain:389'  
   Parsed
   Initialized (ldap.domain:389)
  SecKeychainFindInternetPassword failed with error: -25300  
  Warning: Failed to retrieve LDAP password from keychain (cn=read,ou=test,ou=person,dc=domain@ldap.domain:389)  
   Bind with 'cn=read,ou=test,ou=person,dc=domain'
  ldap connection failed (ldap://ldap.domain:389): Server is unwilling to perform  
  Find matches for 'jr@'  
  Result:  
  LDAP: Connect to 'ldap://ldap.domain:389'  
   Parsed
   Initialized (ldap.domain:389)
  SecKeychainFindInternetPassword failed with error: -25300  
  Warning: Failed to retrieve LDAP password from keychain (cn=read,ou=test,ou=person,dc=domain@ldap.domain:389)  
   Bind with 'cn=read,ou=test,ou=person,dc=domain'
  ldap connection failed (ldap://ldap.domain:389): Server is unwilling to perform  
  Warning: Decoding empty text body for id 936  
  Warning: Decoding empty text body for id 937  
  Find matches for 'ja'  
  Result:  
  LDAP: Connect to 'ldap://ldap.domain:389'  
   Parsed
   Initialized (ldap.domain:389)
  SecKeychainFindInternetPassword failed with error: -25300  
  Warning: Failed to retrieve LDAP password from keychain (cn=read,ou=test,ou=person,dc=domain@ldap.domain:389)  
   Bind with 'cn=read,ou=test,ou=person,dc=domain'
  ldap connection failed (ldap://ldap.domain:389): Server is unwilling to perform  
  Find matches for 'jan'  
  Result:  
  LDAP: Connect to 'ldap://ldap.domain:389'  
   Parsed
   Initialized (ldap.domain:389)
  SecKeychainFindInternetPassword failed with error: -25300  
  Warning: Failed to retrieve LDAP password from keychain (cn=read,ou=test,ou=person,dc=domain@ldap.domain:389)  
   Bind with 'cn=read,ou=test,ou=person,dc=domain'
  ldap connection failed (ldap://ldap.domain:389): Server is unwilling to perform
  

• You flagged this item as spam.
  

  Norman Gray June 8th, 2018 @ 02:13 PM

  Parenthetically: I should mention that I'm currently having difficulties getting MailMate to use an X.509 certificate from my keychain (I get User canceled the operation. (error code -128) when I press Send). Thus it's possible that my keychain is somehow messed up in a way that tools don't report, so if the log messages I'm reporting don't make sense, that's a possible explanation.

• You flagged this item as spam.
  

  Ján Rusnák June 8th, 2018 @ 02:20 PM

  Benny,

  (Unfortunately, I do not currently have access to an LDAP server which supports authentication which makes testing a bit hard.) I can help with testing environment, if yes please contact me (--removed--).

• 

  benny June 11th, 2018 @ 08:03 AM

  It certainly looks like the primary problem here is that MailMate isn't able to retrieve the password from the keychain. We could probably debug that with a test account, but @Ján if you can help with a test account then I would appreciate that. Preferably with me getting access to as little as possible of course :-) I'll write you offline.

  (I'll also remove your email address here to avoid scraping.)

• You flagged this item as spam.
  

  Eelco Chaudron August 29th, 2018 @ 09:11 AM

  I was wondering how you query the LDAP server? Asking as I can match on first name, but not on last or "first last" name?

  Here is a log entry:

  Find matches for 'eelco chau'
  Result:
  2018-08-29 10:56:26.931 MailMate[3549:323607] Warning: Unable to reformat “Eelco Chaud”
  Find matches for 'eelco chaud'
  Result:
  Find matches for 'chau'
  Result:
  Find matches for 'chaud'
  Result:
  Find matches for 'chaudr'
  Result:
  Find matches for 'chaudro'
  Result:
  Find matches for 'chaudron'
  Result:
  

  On my last name only, it finds nothing.

  This is my CN name:

  cn: Eelco Chaudron
  

  When I manually search it does work (no authentication is used or ssl is used):

  ldapsearch -x -H ldap://ldap.corp.XXXXX.com -LLL cn="eelco cha*" | grep -E "cn:|uid:"
  uid: echaudro
  cn: Eelco Chaudron
  

• 

  benny August 29th, 2018 @ 03:06 PM

  You can enable debug output like this:

  defaults write com.freron.MailMate MmDebugLDAP -bool YES
  

  Then launch from a Terminal window to see how MailMate interacts with the server:

  /Applications/MailMate.app/Contents/MacOS/MailMate
  

  As far as I recall, it was tricky to create a query which worked with all of the LDAP servers I used for testing (but it was a long time ago).

  Note that I'm not an LDAP expert. It's not unlikely I've done something wrong :)

• You flagged this item as spam.
  

  Eelco Chaudron January 22nd, 2019 @ 12:04 PM

  Looking at the debug you do the following:

  LDAP search ou=users,dc=redhat,dc=com/subtree/(|(mail=ch*)(cn=ch*)(cn=* ch*))

  However this will turn 390 entries, where the one I'm looking for is number 202. Could it be you only except the first x entries? From the debug log I see you only report about 118 replies.

• You flagged this item as spam.
  

  Raza Rizvi September 25th, 2020 @ 12:59 PM

  I decided to give this a try with the Tuffmail LDAP server.

  { servers = ( { requireSSL = 1; hostname = "ldap.mxes.net"; port = 636; username = "cn=raza_tuffmail.com,ou=auth,dc=mxes,dc=net"; searchBase = "ou=raza_tuffmail.com,ou=ab,dc=mxes,dc=net"; searchScope = "subtree"; // base, oneLevel, or subtree (default) }, ); }

  So I have set that it does require SSL and I specified the well known port 636 as well.

  Debugging shows:

  Result:
  LDAP: Connect to 'ldap://ldap.mxes.net:636&#39;
  Parsed Initialized (ldap.mxes.net:636) Warning: Failed starting TLS. Can't contact LDAP server

  I believe this is because it needs to do ldaps:// in observance of the requireSSL field.

• 

  benny September 28th, 2020 @ 12:59 PM

  @Raza: I've added that it uses ldaps when port 636 is configured. Maybe it should also default to port 636 when requireSSL is eanbled...

  @Eelco: Sorry about the late response. You are correct that MailMate sets a maximum of 200 results to be returned from the server. I don't currently have time to look into how to improve that, but if know what I should change in the query then let me know.