[Dovecot] userdb/autdb via ldaps
Hello,
I'm using an OpenLDAP server to store mail user info like maildir location and password. This server is running on a separate machine and I'd like to protect the connection to it by using SSL/TLS.
The server is configured so that it offers ldaps and it works with other clients.
But I haven't found how to configure dovecot to use ldaps. Would someone please direct me to the right place or directly help how to?
Greets, Jürgen
Jürgen Herz wrote:
> Hello,
> I'm using an OpenLDAP server to store mail user info like maildir location and password. This server is running on a separate machine and I'd like to protect the connection to it by using SSL/TLS.
> The server is configured so that it offers ldaps and it works with other clients.
> But I haven't found how to configure dovecot to use ldaps. Would someone please direct me to the right place or directly help how to?
You just set it up as if you were using normal ldap (the config file is well documented), and use
uris=ldaps://buick.jordet.net/
instead of host, etc. Works great for me :)
-Stian
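An added example, not part of Stian's post or of Dovecot itself: a small Python check that reads a Dovecot LDAP config and reports whether the LDAP connection would go out unencrypted, contrasting a `hosts` setup with the `uris=ldaps://` form from the reply above. The host names and sample configs are constructed; `tls` and `tls_require_cert` are Dovecot LDAP settings not mentioned in this thread, and their availability in a given Dovecot version is an assumption to verify.

```python
# Constructed sample configs (not taken from the servers in this thread).
PLAINTEXT_CONF = """\
# dovecot-ldap.conf (constructed)
hosts = ldap.example.org
dn = cn=dovecot,dc=example,dc=org
base = ou=people,dc=example,dc=org
"""
LDAPS_CONF = """\
uris = ldaps://ldap.example.org/
tls_require_cert = demand
base = ou=people,dc=example,dc=org
"""
# Assumption: these tls_require_cert values do not force a valid server cert.
WEAK_VERIFY = {"never", "allow", "try"}

def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split at the first '=' only
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit_ldap_transport(text):
    """Return findings about how the LDAP connection is protected."""
    s = parse_conf(text)
    findings = []
    starttls = s.get("tls", "no").lower() == "yes"
    uris = s.get("uris", "").split()  # uris is a space-separated list
    if uris:
        for uri in uris:
            scheme = uri.split("://", 1)[0].lower()
            if scheme == "ldap" and not starttls:
                findings.append(f"plaintext URI: {uri}")
            elif scheme not in ("ldap", "ldaps", "ldapi"):
                findings.append(f"unknown scheme: {uri}")
    elif "hosts" in s and not starttls:
        findings.append(f"hosts without tls=yes: {s['hosts']}")
    elif "hosts" not in s:
        findings.append("no hosts or uris setting")
    policy = s.get("tls_require_cert", "")
    if policy.lower() in WEAK_VERIFY:
        findings.append(f"certificate not enforced: tls_require_cert={policy}")
    return findings
```

An empty result means every configured server is reached over `ldaps://` (or with `tls = yes`) and no weak certificate policy is set; it says nothing about whether the handshake itself succeeds.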
Stian Jordet wrote:
> > But I haven't found how to configure dovecot to use ldaps. Would someone please direct me to the right place or directly help how to?
> You just set it up as if you were using normal ldap (the config file is well documented), and use
> uris=ldaps://buick.jordet.net/
> instead of host, etc. Works great for me :)
Thanks, that looks good. Where is uris documented? And I guess it's quite new since a 0.99.x installation can't handle it.
Jürgen
Stian Jordet wrote:
> Jürgen Herz wrote:
> > But I haven't found how to configure dovecot to use ldaps. Would someone please direct me to the right place or directly help how to?
> You just set it up as if you were using normal ldap (the config file is well documented), and use
> uris=ldaps://buick.jordet.net/
> instead of host, etc. Works great for me :)
Unfortunately it doesn't here. On startup dovecot contacts the LDAP server, exchanges ssl messages (according to Wireshark Client Hello; Server Hello, Certificate, Server Hello Done; Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message; Change Cipher Spec, Encrypted Handshake Message) but only ACKs the last reply from the LDAP and then nothing--no login, no other encrypted payload. Then when connecting with a client to dovecot, it FIN, ACKs the old hanging connection, starts over but again does nothing after above handshake.
Only entries in mail.log are
Error: auth(default): LDAP: Can't connect to server: (null)
Error: auth(default): LDAP: Can't connect to server: (null)
Error: child 3411 (auth) killed with signal 11
Error: auth(default): LDAP: Can't connect to server: (null)
Error: auth(default): LDAP: Can't connect to server: (null)
Can't see what's wrong.
Dovecot 1.0.rc7 with LDAP and SSL
Bye, Jürgen