On 26/06/2025 11:03 EEST Bruno Hertz via dovecot <dovecot@dovecot.org> wrote: On Thu Jun 26, 2025 at 8:21 AM CEST, Aki Tuomi wrote: > >> On 26/06/2025 09:10 EEST Bruno Hertz via dovecot <dovecot@dovecot.org> wrote: >> >> >> Hi all >> >> I'm currently testing Dovecot 2.4, considering a migration from 2.3, and all >> works fine except authentication against LDAP (openldap slapd) with client >> certificates. Which I had no problem with on 2.3 for seven years or so. >> [ .. snip .. ] >> >> Thoughts? >> >> Greetings, Bruno >> _______________________________________________ >> dovecot mailing list -- dovecot@dovecot.org >> To unsubscribe send an email to dovecot-leae@dovecot.org > Dovecot uses openldap library, so it should respect what you have set in openldap config file. Can you run with ldap_debug_level = 9 to see if there is something that would explain this? Aki Hello Aki, thanks for your reply. Did as you requested, and I hope something useful can be gleaned from it. Can you try ldap_sasl_mechanism = EXTERNAL? As in, try upper casing it. Aki