[Dovecot] LDAP against Novell eDirectory: 'Confidentialityrequired'
Jim Moseby
JMoseby at elasticfabrics.com
Thu May 20 19:09:50 EEST 2010
Martin,
Thanks for the reply.
I tried your solution; it didn't work for me.
What happened was, I changed to use 'uris' instead of 'hosts', set 'tls=no', and restarted dovecot. I got this looping over and over:
dovecot: 2010-05-20 12:03:20 Error: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
dovecot: 2010-05-20 12:03:20 Error: auth(default): io_loop_handle_remove: epoll_ctl(2, 8): Bad file descriptor
Every other time I have seen the message 'Confidentiality required' when querying LDAP (in my PHP module for instance), all I had to do was enable TLS, and the problem was solved. Dovecot seems to be an exception.
Cheers!
Jim
>>> Martin Ott <martin.ott at itk-engineering.de> 5/20/2010 11:40 AM >>>
Hi Jim,
I don't know why your setup is not working. I can only provide you with some hints
from our working setup. We authenticate our users against an MS Active
Directory server.
The URI in dovecot-ldap.conf is:
uris = ldaps://hostname
We also had to add in /etc/ldap/ldap.conf:
TLS_CACERT /etc/ssl/certs/certfile.crt
TLS_REQCERT demand
Hope this helps,
Martin
On 20.05.2010 15:35, Jim Moseby wrote:
> Hi list!
>
> I am trying to get dovecot to authenticate users against Novell eDirectory via LDAP. I have successfully gotten open-xchange to authenticate, and I have written a PHP module that authenticates; however, I cannot seem to get Dovecot working.
>
> If I turn on TLS and restart dovecot, I get:
> dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Connect error
> dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Local error
> If I turn it off, it starts without error, but returns this when a user tries to authenticate:
> dovecot: 2010-05-20 08:48:39 Error: auth(default): ldap(jkmoseby,127.0.0.1): ldap_bind() failed: Confidentiality required
>
> I have tried all combinations of host:port, and LDAP uri strings I can think of, nothing seems to work.
>
> Thanks in advance, config files follow.
>
> Jim
>
> --------------------------------------------------------
>
> 'dovecot -n' returns:
> # 1.0.15: /etc/dovecot/dovecot.conf
> base_dir: /var/run/dovecot/
> log_path: /var/log/dovecot.log
> info_log_path: /var/log/dovecot.log
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap
> login_dir: /var/run/dovecot//login
> login_executable: /usr/lib/dovecot/imap-login
> login_greeting: EFA mail server ready.
> mail_privileged_group: mail
> auth default:
>   passdb:
>     driver: ldap
>     args: /etc/dovecot/dovecot-ldap.conf
>   userdb:
>     driver: ldap
>     args: /etc/dovecot/dovecot-ldap.conf
> ---------------------------------------------------------
>
> 'grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf' returns:
> hosts = 10.1.10.200
> tls = yes
> auth_bind = yes
> auth_bind_userdn = cn=%u,o=GSO,o=EFA
> base = o=EFA
> scope = subtree
> user_filter = (&(objectClass=posixAccount)(uid=%u))
>
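The thread turns on which transport Dovecot's LDAP passdb actually ends up using: `hosts` with `tls = yes` means STARTTLS on an ldap:// connection, `uris = ldaps://...` means implicit TLS on port 636, and a plain ldap:// URI with `tls = no` sends the simple-bind password in clear text, which a directory server that enforces confidentiality refuses with LDAP resultCode 13 (RFC 4511 `confidentialityRequired`, logged by libldap as "Confidentiality required"). The script below is an added example written for this post, not code from Dovecot or from either poster. It parses a dovecot-ldap.conf snippet and an optional /etc/ldap/ldap.conf (for Martin's `TLS_CACERT` / `TLS_REQCERT` hint) and reports the effective transport plus the findings a reviewer would raise. Modelling assumptions: each `hosts` entry is treated as an ldap://host[:port] URI, `TLS_REQCERT` defaults to `demand` as in OpenLDAP, and the "plaintext retry" config is constructed from Jim's description of his second attempt, not copied from his mail.

```python
"""Audit the transport a Dovecot LDAP passdb would use, from config text alone.
Added example for the list thread; not Dovecot's own code."""
from urllib.parse import urlsplit

# RFC 4511 result code returned when the server refuses an unprotected bind.
CONFIDENTIALITY_REQUIRED = 13


def parse_kv(text):
    """Parse 'key = value' lines (dovecot-ldap.conf style); '#' comments and blanks are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)   # split once: LDAP filters contain '='
        conf[key.strip()] = value.strip()
    return conf


def parse_ldap_conf(text):
    """Parse OpenLDAP ldap.conf: whitespace-separated 'OPTION value' lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def effective_uris(conf):
    """'uris' wins when set; otherwise each 'hosts' entry is modelled as ldap://host[:port] (assumption)."""
    if conf.get("uris"):
        return conf["uris"].split()
    return ["ldap://" + h for h in conf.get("hosts", "").split()]


def transport(uri, conf):
    """Classify how the bind would be protected for one URI under the given tls= setting."""
    scheme = urlsplit(uri).scheme.lower()
    starttls = conf.get("tls", "no").lower() in ("yes", "y", "true")
    if scheme == "ldaps":
        return "ldaps+starttls" if starttls else "ldaps"
    if scheme == "ldap":
        return "starttls" if starttls else "plaintext"
    return "unknown"


def audit(dovecot_ldap_text, ldap_conf_text=""):
    """Return {'uris': {uri: transport}, 'findings': [str]} for the two config files."""
    conf = parse_kv(dovecot_ldap_text)
    opts = parse_ldap_conf(ldap_conf_text)
    plan, findings = {}, []
    for uri in effective_uris(conf):
        mode = transport(uri, conf)
        plan[uri] = mode
        if mode == "plaintext":
            findings.append(f"{uri}: simple bind would send the password in clear text; a server "
                            f"that enforces confidentiality answers resultCode "
                            f"{CONFIDENTIALITY_REQUIRED} ('Confidentiality required')")
        elif mode == "ldaps+starttls":
            findings.append(f"{uri}: tls=yes requests STARTTLS on an already-encrypted ldaps:// "
                            f"connection; use one or the other")
        elif mode == "unknown":
            findings.append(f"{uri}: unrecognised URI scheme")
    if any(mode in ("starttls", "ldaps") for mode in plan.values()):
        reqcert = opts.get("TLS_REQCERT", "demand").lower()   # OpenLDAP default is demand
        if reqcert in ("never", "allow"):
            findings.append(f"TLS_REQCERT {reqcert}: the server certificate is not verified, "
                            f"so the TLS session can be intercepted")
        if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
            findings.append("no TLS_CACERT/TLS_CACERTDIR in ldap.conf: a private directory CA will "
                            "not be trusted, and with TLS_REQCERT demand the TLS handshake fails")
    return {"uris": plan, "findings": findings}


# Constructed inputs: the first two are taken from the thread, the third models Jim's retry.
JIM_ORIGINAL = """hosts = 10.1.10.200
tls = yes
auth_bind = yes
auth_bind_userdn = cn=%u,o=GSO,o=EFA
base = o=EFA
scope = subtree
user_filter = (&(objectClass=posixAccount)(uid=%u))
"""
MARTIN_CONF = "uris = ldaps://hostname\n"
MARTIN_LDAP_CONF = "TLS_CACERT /etc/ssl/certs/certfile.crt\nTLS_REQCERT demand\n"
PLAINTEXT_RETRY = "uris = ldap://10.1.10.200\ntls = no\nauth_bind = yes\n"   # assumed retry config

if __name__ == "__main__":
    for label, args in (("jim-original", (JIM_ORIGINAL,)),
                        ("martin", (MARTIN_CONF, MARTIN_LDAP_CONF)),
                        ("plaintext-retry", (PLAINTEXT_RETRY,))):
        report = audit(*args)
        print(label, report["uris"])
        for finding in report["findings"]:
            print("  -", finding)
```

Run against Jim's original file it reports STARTTLS on ldap://10.1.10.200 with a missing CA configuration (the likely reason `ldap_start_tls_s()` could not complete a handshake); against Martin's two files it reports implicit TLS with no findings; against the modelled `tls = no` retry it reports a clear-text bind and names resultCode 13, the condition behind "Confidentiality required".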