On 26/06/2025 12:05 EEST Bruno Hertz via dovecot <dovecot@dovecot.org> wrote:
On Thu Jun 26, 2025 at 10:32 AM CEST, Aki Tuomi wrote:
[snip]
Can you try ldap_sasl_mechanism = EXTERNAL?
As in, try upper casing it.
Aki
Certainly, Aki, thanks for the suggestion. I tried that before though without success (actually spent some time tweaking settings, even did straces and so forth to see if the certificate is actually read, simply because the authentication process did work in 2.3).
So I tried again now, applied the change to /etc/dovecot/dovecot.conf, restarted the dovecot service and did a quick fetchmail authentication test. The result is exactly the same as before:
slapd reports the incoming connection

    slapd[590]: conn=1006 fd=18 ACCEPT from IP=[::1]:38730 (IP=[::]:636)

but dovecot logs the same message as it previously did, and fetchmail times out

    dovecot: auth: Error: ldap(ldaps://localhost.quasi.internal:636): binding failed (dn (none)): Unknown authentication method, SASL(-4): no mechanism available:

So the behavior is completely independent from the capitalization of the word external.
Greetings, Bruno
The problem here is that the error is coming from your LDAP server. It does not want to do SASL EXTERNAL. Are you able to run your LDAP server in debug mode to see why it refuses this?
Aki