Ezmlm-idx & qmail-ldap
From Docupedia
Reference environment:
| Software List | |
| Name | Version |
|---|---|
| ezmlm | 0.53 |
| ezmlm-idx | 5.1.2-7 |
| qmail | 1.03 |
| qmail-ldap | 1.03-20050401a |
| MySQL | 4.1.10a |
| SuSE Linux | 9.3 |
Yes, that is a fairly old version of qmail-ldap and SuSE, but it was what was already installed and working on the server. If it ain't broke...
ezmlm-idx was compiled from the source RPM available from the ezmlm-idx website. The only change necessary in the .spec file was to get the manpages installed into /usr/share/man instead of /usr/man. Otherwise it compiles right out of the box.
If you are like me, you like the least privilege approach to security. That's why I always blanch at install instructions that include a line like
GRANT ALL on database.* TO ...
No, that won't do. Instead, I like to do
GRANT SELECT,INSERT,UPDATE,DELETE ON database.*
For 95% of applications, this works just right. Sometimes (especially if using Perl DB/DBI libs or PEAR DB/DB2 libs) you will also need to grant CREATE as those libraries sometimes use a dedicated table to keep track of auto incremented table IDs (think database independence). In other cases, such as ezmlm-idx, you'll also need LOCK TABLES privilege. The annoying thing about ezmlm-idx is that it gives a very generic and misleading message if a SQL statement fails for any reason. Here is the line I used for ezmlm-idx that works for my installation:
GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES ON ezmlm.* TO ezmlm@localhost IDENTIFIED BY '...'
Check this first if ezmlm-sub (or any other database-connecting command) spews this error:
ezmlm-sub: fatal: Access denied for user 'ezmlm'@'localhost' to database 'ezmlm'
You might also see this in mysqld.log:
071207 13:25:27 [Warning] Aborted connection 514 to db: 'ezmlm' user: 'ezmlm' host: `localhost' (Got an error reading communication packets)
However, this second line is more side-effect rather than an actual error message. From what I can tell this is due to the fact that on a fault the ezmlm-sub application (and likely any other ezmlm process that touches the database) does not cleanly close down the database connection on a fault. This may be fixed in future versions, so don't rely on this error code for diagnostics.
... More to come ...
