[Dovecot] dovecot and ldaps://
Hi all, I've managed to get dovecot running with ldaps (ssl over port 636, not starttls). Btw, it's working right only if I specify "TLSVerifyClient never" in my slapd.conf.
With any other parameter (like "TLSVerifyClient demand"), the bind fails with:
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate +/usr/src/lib/libssl/src/ssl/s3_srvr.c:2004
connection_read(12): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=12 for close
connection_close: conn=0 sd=12
Is there a way to specify, in the dovecot-ldap.conf file, where to look for the client certificate and key files? Or maybe make dovecot parse the ldaprc file under /etc?
Best Regards, David
On Fri, 2005-12-02 at 16:37 +0100, David Coppa wrote:
Is there a way to specify, in the dovecot-ldap.conf file, where to look for the client certificate and key files? Or maybe make dovecot parse the ldaprc file under /etc?
Doesn't /etc/ldap/ldap.conf get parsed also with Dovecot?
If not, what if you add to src/auth/main.c line 207 (just before lib_signals_init()):
putenv("LDAPCONF=/etc/ldap/ldap.conf");
Given the ldap.conf(5) man page, any ldap client using the libraries should parse the ldap.conf. So that should make the putenv unnecessary? The following is from Linux, but of course OpenBSD has the same thing listed.
Geff
NAME
       ldap.conf, .ldaprc - ldap configuration file

SYNOPSIS
       /etc/openldap/ldap.conf, .ldaprc

DESCRIPTION
       If the environment variable LDAPNOINIT is defined, all defaulting is disabled.

       The ldap.conf configuration file is used to set system-wide defaults to be applied when running ldap clients.

       Users may create an optional configuration file, ldaprc or .ldaprc, in their home directory which will be used to override the system-wide defaults file. The file ldaprc in the current working directory is also used.
Quoting Timo Sirainen tss@iki.fi:
On Fri, 2005-12-02 at 16:37 +0100, David Coppa wrote:
Is there a way to specify, in the dovecot-ldap.conf file, where to look for the client certificate and key files? Or maybe make dovecot parse the ldaprc file under /etc?
Doesn't /etc/ldap/ldap.conf get parsed also with Dovecot?
If not, what if you add to src/auth/main.c line 207 (just before lib_signals_init()):
putenv("LDAPCONF=/etc/ldap/ldap.conf");
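The file lookup the ldap.conf(5) excerpt describes, together with the LDAPCONF variable that the putenv suggestion sets, as an added example (not Dovecot or OpenLDAP code): it lists which client config files libldap would consult and whether, once merged, they supply the TLS_CERT and TLS_KEY a server running "TLSVerifyClient demand" needs. All paths and file contents are constructed, and the precedence among the per-user files is a simplified assumption.

```python
"""Which OpenLDAP client config files apply, and do they carry a client cert?
Added example, not Dovecot or OpenLDAP code; paths and file contents are constructed."""
import os

DEFAULT_SYSTEM_CONF = "/etc/openldap/ldap.conf"   # path from the ldap.conf(5) SYNOPSIS above

# Constructed sample files: the system-wide file only names the CA, the per-user
# ldaprc adds the client certificate and key that TLSVerifyClient demand requires.
SAMPLE_SYSTEM_CONF = """\
# constructed /etc/ldap/ldap.conf
URI   ldaps://ldap.example.com:636
BASE  dc=example,dc=com
TLS_CACERT /etc/ssl/certs/ca.pem
"""
SAMPLE_USER_LDAPRC = """\
# constructed ~/.ldaprc for the user dovecot-auth runs as
TLS_CERT /etc/ssl/dovecot-client.pem
TLS_KEY  /etc/ssl/dovecot-client.key
"""


def resolve_config_files(env, home, cwd, exists=os.path.exists):
    """Return the config files libldap would read, earliest first.

    Follows the quoted ldap.conf(5) text: LDAPNOINIT disables all defaulting;
    the system-wide file (its path taken from LDAPCONF when set, which is what
    the putenv relies on) comes first, then ~/ldaprc or ~/.ldaprc, then ./ldaprc.
    Assumption: later files override earlier ones and both per-user names are tried.
    """
    if "LDAPNOINIT" in env:
        return []
    candidates = [env.get("LDAPCONF", DEFAULT_SYSTEM_CONF),
                  os.path.join(home, "ldaprc"), os.path.join(home, ".ldaprc"),
                  os.path.join(cwd, "ldaprc")]
    return [p for p in candidates if exists(p)]


def parse_ldap_conf(text, options=None):
    """Parse 'OPTION value' lines into a dict; '#' lines are comments, keys case-insensitive."""
    options = dict(options or {})
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def client_cert_configured(options):
    """A server set to 'TLSVerifyClient demand' needs both TLS_CERT and TLS_KEY."""
    return bool(options.get("TLS_CERT")) and bool(options.get("TLS_KEY"))
```

Feed the files from resolve_config_files to parse_ldap_conf in order, passing the accumulated dict each time, and check the result with client_cert_configured before changing slapd.conf.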