Hi Markus, hi list,
On 2026-03-30 12:15:15, markus-dovecot--- via dovecot wrote:
Unfortunately the upgrade to v2.4.3 broke the ldap connection.
I have configured an ldap connection like this:
ldap_uris = ldaps://xxx.com
ldap_auth_dn = uid=xxx,ou=general accounts,dc=xxx,dc=com
ldap_auth_dn_password = xxx
ldap_base = dc=xxx,dc=com
passdb ldap {
  ldap_bind = yes
  [...]
}

v2.4.3 cannot connect and says:

auth: Error: ldap(ldaps://xxx.com636): Can't connect to server: ldaps://xxx.com

Ldap server logs:

ACCEPT from IP=[XXX]:45674 (IP=[::]:636)
TLS established tls_ssf=256 ssf=256 tls_proto=TLS1.3 tls_cipher=AES-256-GCM
closed (connection lost)

Downgrade to dovecot v2.4.2 makes it work again.
Was there any ldap change in v2.4.3 that required a config change?
I had a similar error. In my case, dovecot was missing the CA certificate for the cert of the LDAP server, as it was not included in the OS' ca-certificates bundle. I fixed it in my case with:
ssl_client_ca_file = /path/to/ldapservers-ca-certificate.crt
Seems like dovecot did not check the CA signing the LDAP server's certificate before 2.4.3.
Best,
Patrick Cernko <pcernko@mpi-klsb.mpg.de> +49 681 9325 5815 Joint Scientific IT and Technical Service Max-Planck-Institute für Informatik & Softwaresysteme
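
The CA mismatch described in the reply above can be reproduced offline. This is an added example, not part of the original message or of Dovecot: a server certificate issued by a private CA fails verification against a bundle that lacks that CA and passes once the CA file is supplied. All names and files are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example; every subject name and file below is constructed.

# make_ca NAME DIR: create a self-signed CA as DIR/NAME.key and DIR/NAME.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# issue_leaf CN CA_NAME DIR: issue DIR/leaf.crt for CN, signed by CA_NAME
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$3/leaf.key" -out "$3/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$3/leaf.csr" -CA "$3/$2.crt" -CAkey "$3/$2.key" \
        -CAcreateserial -days 1 -out "$3/leaf.crt" 2>/dev/null
}

# verify_chain CERT CAFILE: succeed only if CERT chains to a trusted CA.
# The constructed CAs are in no system store, so CAFILE decides the result.
verify_chain() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# demo: print the verification result for both trust configurations.
demo() {
    d=$(mktemp -d) || return 1
    make_ca private-ldap-ca "$d"        # CA that signed the LDAP server cert
    make_ca unrelated-public-ca "$d"    # stands in for a bundle without that CA
    issue_leaf ldap.example.test private-ldap-ca "$d"

    if verify_chain "$d/leaf.crt" "$d/unrelated-public-ca.crt"; then
        without=OK
    else
        without=FAIL
    fi
    if verify_chain "$d/leaf.crt" "$d/private-ldap-ca.crt"; then
        with=OK
    else
        with=FAIL
    fi
    rm -rf "$d"
    echo "bundle-without-ca=$without with-ca-file=$with"
}

demo
```

Against a real server, the same `verify_chain` check can be run on the certificate the LDAP server presents, with the OS bundle and with the file intended for `ssl_client_ca_file`.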