[Dovecot] ldaps support in dovecot-ldap.conf?
Dovecot experts,
Does Dovecot support ldaps:\\ connections in dovecot-ldap.conf for ldap connections? I can get regular ldap:\\ connections to work, but not ldaps:\\ connections. I have even downloaded the latest beta version of dovecot and it still doesn't work. If it's not supported, will it be in the near future? Note: We are using Centos 5 and Redhat 5 systems.
Tim Tyler Network Engineer - Beloit College tyler@beloit.edu
On Fri, Feb 15, 2008 at 10:11:52AM -0600, Tim Tyler wrote:
Dovecot experts,
Does Dovecot support ldaps:\\ connections in dovecot-ldap.conf for ldap connections? I can get regular ldap:\\ connections to work, but not ldaps:\\ connections. I have even downloaded the latest beta version of dovecot and it still doesn't work. If it's not supported, will it be in the near future? Note: We are using Centos 5 and Redhat 5 systems.
According to http://wiki.dovecot.org/AuthDatabase/LDAP just set tls=yes in your dovecot-ldap.conf.
Geert
Geert Hendrickx wrote:
On Fri, Feb 15, 2008 at 10:11:52AM -0600, Tim Tyler wrote:
Dovecot experts,
Does Dovecot support ldaps:\\ connections in dovecot-ldap.conf for ldap connections? I can get regular ldap:\\ connections to work, but not ldaps:\\ connections. I have even downloaded the latest beta version of dovecot and it still doesn't work. If it's not supported, will it be in the near future? Note: We are using Centos 5 and Redhat 5 systems.
According to http://wiki.dovecot.org/AuthDatabase/LDAP just set tls=yes in your dovecot-ldap.conf.
Geert
ldaps:// is not the same as ldap:// with tls support. Also, ldap with tls support is preferred to ldaps, but if you really have to use ldaps, you can always use stunnel to wrap up the connection in SSL.
Hugo Monteiro.
-- ci.fct.unl.pt:~# cat .signature
Hugo Monteiro Email : hugo.monteiro@fct.unl.pt Telefone : +351 212948300 Ext.15307
Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt apoio@fct.unl.pt
ci.fct.unl.pt:~# _
On Fri, 2008-02-15 at 10:11 -0600, Tim Tyler wrote:
Dovecot experts, Does Dovecot support ldaps:\\ connections in dovecot-ldap.conf for ldap connections? I can get regular ldap:\\ connections to work, but not ldaps:\\ connections. I have even downloaded the latest beta version of dovecot and it still doesn't work. If it's not supported, will it be in the near future?
Dovecot doesn't know anything about ldaps, and it doesn't need to know. It's entirely up to the LDAP library to support it. Anyway as far as I know ldaps connections should work with Dovecot and OpenLDAP, I've never tried to use them myself though.
Unfortunately OpenLDAP's error reporting is horrible. You'll have to recompile it with debugging enabled if you want to get anything else than "connection failed" out of it.
On Friday 15 February 2008 19:07:08 Timo Sirainen wrote:
Dovecot doesn't know anything about ldaps, and it doesn't need to know. It's entirely up to the LDAP library to support it. Anyway as far as I know ldaps connections should work with Dovecot and OpenLDAP, I've never tried to use them myself though.
From my dovecot-ldap.conf:
uris = ldaps://ldap1.ehu.es ldaps://ldap2.ehu.es ldaps://ldap3.ehu.es
It works fine, and if ldap1 doesn't respond, it goes with ldap2. All the servers are RHEL4.
In my experience, most problems with ldaps:// connections are certificate related. Try adding something like
TLS_REQCERT allow
to your /etc/openldap/ldap.conf, and if that works, the problem is with your certificates, and you'll need something like
TLS_CACERT /etc/openldap/cacerts/yourcert.pem
in /etc/openldap/ldap.conf
HTH
Joseba Torre. CIDIR Bizkaia.
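As an added example (not code from anyone in this thread): a small Python script that reads the `uris` line of a dovecot-ldap.conf, fills in the implicit ports (636 for ldaps://, 389 for ldap://) and then opens a TLS connection to each ldaps:// endpoint exactly as the LDAP client library would, verifying the server certificate against a CA bundle. This surfaces the certificate error that OpenLDAP hides behind "connection failed", so you can fix the CA configuration instead of leaving `TLS_REQCERT allow` in place. The config fragment, hostnames and file paths below are constructed placeholders.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Constructed dovecot-ldap.conf fragment for the example; the hostnames are
# placeholders, not the servers mentioned in the thread.
SAMPLE_CONF = """\
# uris: ldaps:// means TLS from the first byte (port 636 unless given);
# ldap:// plus 'tls = yes' would mean StartTLS on port 389 instead.
uris = ldaps://ldap1.example.org ldaps://ldap2.example.org:6360 ldap://ldap3.example.org
tls = no
"""

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_uris(conf_text):
    """Return (scheme, host, port) tuples for every URI in the 'uris' setting."""
    endpoints = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "uris":
            continue
        for uri in value.split():
            parts = urlsplit(uri)
            if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
                raise ValueError(f"not an ldap:// or ldaps:// URI: {uri!r}")
            port = parts.port or DEFAULT_PORTS[parts.scheme]
            endpoints.append((parts.scheme, parts.hostname, port))
    return endpoints


def check_ldaps_cert(host, port, cafile, timeout=5.0):
    """Open a TLS connection as the LDAP client would and verify the chain.

    Returns (True, common_name) when the certificate verifies against
    `cafile` and matches `host`; otherwise (False, reason) carrying the
    verifier's message, which is what OpenLDAP's "connection failed" hides.
    """
    context = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = dict(rdn[0] for rdn in cert["subject"])
                return True, subject.get("commonName", "")
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Usage: python check_ldaps.py dovecot-ldap.conf /etc/openldap/cacerts/ca.pem
    conf_path, cafile = sys.argv[1], sys.argv[2]
    with open(conf_path) as fh:
        conf_text = fh.read()
    for scheme, host, port in parse_uris(conf_text):
        if scheme != "ldaps":
            print(f"{host}:{port} uses {scheme}://, not checked (StartTLS needs tls = yes)")
            continue
        ok, detail = check_ldaps_cert(host, port, cafile)
        print(f"{host}:{port} {'OK' if ok else 'FAIL'} {detail}")
```

Point the second argument at the same CA file you intend to give `TLS_CACERT` in /etc/openldap/ldap.conf: if every ldaps:// host reports OK here, the LDAP library will accept the same chain and `TLS_REQCERT` can stay at its default of demanding a valid certificate.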