May 13 13:03:20 mx0 dovecot: auth: Error: auth worker: Aborted request: Lookup timed out
May 13 13:03:21 mx0 dovecot: auth-worker(26753): Error: LDAP: ldap_start_tls_s() failed: Connect error
May 13 13:03:21 mx0 dovecot: auth-worker(26753): Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Dovecot itself works. Only doveadm does not.
User iteration is done via auth-worker process, because it can take a long time. Regular passdb/userdb lookups are done via auth process, because they are fast. So:
service auth-worker {
  unix_listener auth-worker {
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
I guess you need to add extra_groups=ssl-cert to auth-worker as well.
Unfortunately I already tested this (and also once again after your answer). Changed the setting, stopped dovecot and restarted it. After that, doing doveadm quota get -A stalls.
What I do not understand is that I can not see any connection attempts to the LDAP servers. If it had problems with the certificates I would expect to see the connection and then a failure in the starttls process.
I also did chmod o+rx to the folder /etc/ssl/private and also to the private key. So I think it has nothing to do with the privileges of the certificates, does it?
-Christian Rößner
Roessner-Network-Solutions Bachelor of Science Informatik Nahrungsberg 81, 35390 Gießen F: +49 641 5879091, M: +49 176 93118939 USt-IdNr.: DE225643613 http://www.roessner-network-solutions.com
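Added example, not part of the original thread: since doveadm's user iteration runs in auth-worker while normal lookups run in auth, this Python sketch compares the identity settings of the two service blocks and reports where they differ. The sample config is constructed from the blocks quoted above; the function names and the set of compared keys are assumptions of this example.

```python
import re

# Constructed sample: the service blocks quoted in the thread (not a full dovecot.conf).
SAMPLE_CONF = """
service auth-worker {
  unix_listener auth-worker {
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
"""

def parse_services(text):
    """Return {service_name: {key: value}} for the top-level settings of each service block."""
    services, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line:
            continue
        m = re.match(r"^(\S+)(?:\s+(\S+))?\s*\{$", line)
        if m:                                     # block opener, e.g. "service auth {"
            stack.append((m.group(1), m.group(2)))
            if len(stack) == 1 and m.group(1) == "service":
                services.setdefault(m.group(2), {})
        elif line == "}":
            stack.pop()
        elif "=" in line and len(stack) == 1 and stack[0][0] == "service":
            key, value = (p.strip() for p in line.split("=", 1))
            services[stack[0][1]][key] = value    # listener settings (depth 2) are skipped
    return services

def privilege_gaps(services, a="auth", b="auth-worker", keys=("user", "group", "extra_groups")):
    """List (key, a_value, b_value) for identity settings that differ between two services."""
    get = lambda svc, k: services.get(svc, {}).get(k)
    return [(k, get(a, k), get(b, k)) for k in keys if get(a, k) != get(b, k)]

if __name__ == "__main__":
    for key, auth_val, worker_val in privilege_gaps(parse_services(SAMPLE_CONF)):
        print(f"{key}: auth={auth_val!r} auth-worker={worker_val!r}")
```

A reported difference only shows that the two processes run with different group memberships; whether that explains a failing lookup still has to be confirmed against the files the LDAP client actually opens.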