14 Sep 2022, 5:29 p.m.
Cheers,
Dovecot 2.3.4.1 (Debian stable) here, and the changelog does not offer any hope of salvation, so a bug report it is.
The LDAP connections for userdb/passdb do not support SNI via TLS.
Simple construct to reproduce this:
0.) Have a.pem with SAN foo.example.com, b.pem with bar.example.com
1.) Configure haproxy frontend with bind *:636 ssl crt /foo/a.pem ssl crt /foo/b.pem
2.) Try to use ldaps://bar.example.com/ in passdb, receive
"auth: Error: LDAP: Can't connect to server: ldaps://bar.example.com"
Expectation, of course, would be for this to work; most libraries should support it, it's probably just a matter of convincing the appropriate binding.
Kind regards, -towo