simple bind + X.509 client certificate?
Hi,
using dovecot 2.2.9. The LDAP server requests a client certificate from dovecot. This client certificate will not be used for authentication, but anyway, the server requests it. No SASL is involved. ldapsearch and Exim work as expected, sending the client cert.
The slapd is configured: olcTLSVerifyClient: demand
For authentication simple bind should be used.
Dovecot doesn't seem to send the requested client certificate.
If I sniff the connection, the "Certificate" sent to the server is empty. Using ldapsearch it works (and the certificate isn't empty).
Any suggestions?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann-- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
Heiko Schlittermann hs@schlittermann.de (Fr 05 Feb 2016 17:13:12 CET):
Hi,
using dovecot 2.2.9. The LDAP server requests a client certificate from dovecot. This client certificate will not be used for authentication, but anyway, the server requests it. No SASL is involved. ldapsearch and Exim work as expected, sending the client cert.
I had the same question already… and forgot about it. Shame on me.
20151008194657.GZ4156@jumper.schlittermann.deAnd it should be solved for newer dovecots. For me it's a work around to put the ldap client configuration into some ldaprc file and use
ldaprc_path = …
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann-- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
participants (1)
-
Heiko Schlittermann