[Dovecot] LDAP against Novell eDirectory: 'Confidentialityrequired'

Jim Moseby JMoseby at elasticfabrics.com
Thu May 20 19:09:50 EEST 2010 

Martin.
 
Thanks for the reply.  
 
I tried your solution, didn't work for me.  
 
What happened was, I changed to use 'uris' instead of 'hosts', set 'tls=no', and restarted dovecot.  I got this looping over and over:
 
dovecot: 2010-05-20 12:03:20 Error: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server
dovecot: 2010-05-20 12:03:20 Error: auth(default): io_loop_handle_remove: epoll_ctl(2, 8): Bad file descriptor
 
Every other time I have seen the message 'Confidentiality required' when querying LDAP (in my PHP module for instance), all I had to do was enable TLS, and the problem was solved.  Dovecot seems to be an exception.
 
Cheers!
 
Jim
 


>>> Martin Ott <martin.ott at itk-engineering.de> 5/20/2010 11:40 AM >>>
Hi Jim,

I don't know why your setup is not working. I only can provide you some hints
from our working setup. We authenticate our users against a MS Active
Directory Server.

the uri in dovecot-ldap.conf is:
uris = ldaps://hostname

we  also had to add in /etc/ldap/ldap.conf

TLS_CACERT /etc/ssl/certs/certfile.crt
TLS_REQCERT demand

hope this helps,
Martin


Am 20.05.2010 15:35, schrieb Jim Moseby:
> Hi list!
>  
> I am trying to get dovecot to authenticate users against Novell eDirectory via LDAP.  I have successfully gotten open-xchange to authenticate, and I have written a PHP module that authenticates, however I cannot seem to get Dovecot working.
>  
> If I turn on TLS and restart dovecot, I get:
> dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Connect error
> dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Local error
> If I turn it off, it starts without error, but returns this when a user tries to authenticate:
> dovecot: 2010-05-20 08:48:39 Error: auth(default): ldap(jkmoseby,127.0.0.1): ldap_bind() failed: Confidentiality required
>  
> I have tried all combinations of host:port, and LDAP uri strings I can think of, nothing seems to work.
>  
> Thanks in advance, config files follow.
>  
> Jim
>  
> --------------------------------------------------------
>  
> 'dovecot -n' returns: 
> # 1.0.15: /etc/dovecot/dovecot.conf
> base_dir: /var/run/dovecot/
> log_path: /var/log/dovecot.log
> info_log_path: /var/log/dovecot.log
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap
> login_dir: /var/run/dovecot//login
> login_executable: /usr/lib/dovecot/imap-login
> login_greeting: EFA mail server ready.
> mail_privileged_group: mail
> auth default:
>   passdb:
>     driver: ldap
>     args: /etc/dovecot/dovecot-ldap.conf
>   userdb:
>     driver: ldap
>     args: /etc/dovecot/dovecot-ldap.conf
> ---------------------------------------------------------
>  
> 'grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf' returns:
> hosts = 10.1.10.200
> tls = yes
> auth_bind = yes
> auth_bind_userdn = cn=%u,o=GSO,o=EFA
> base = o=EFA
> scope = subtree
> user_filter = (&(objectClass=posixAccount)(uid=%u))
>

More information about the dovecot mailing list