On a Debian10 I've installed postfix 3.4.14 and dovecot 2.3.4.1. I've configured multiple passdb sources and I expect that if one fails the other ones are tested. This is usually the case, except when the failure is due to an invalid certificate from the ldap server. In that case all authentication attempts from that moment on will fail.

I've trimmed down the configuration as much as possible (see below), and this is the syslog output of my tests:

TEST 1 - Everything is configured correctly: No output on syslog

TEST 2 - Wrong hostname as a ldap server: Auth attempt 1: Nov 19 11:25:29 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Nov 19 11:25:29 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-userdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Nov 19 11:25:29 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Nov 19 11:25:35 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Auth attempt 2: Nov 19 11:25:57 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Nov 19 11:25:59 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Auth attempt 3: Nov 19 11:26:28 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server Nov 19 11:26:30 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server

TEST 3 - Invalid certificate: Attempt 1: Nov 19 11:21:20 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-passdb.conf.ext: ldap_start_tls_s() failed: Connect error Nov 19 11:21:20 debian dovecot: auth: Error: LDAP /etc/dovecot/dovecot-ldap-userdb.conf.ext: ldap_start_tls_s() failed: Connect error No output on other attempts...

CONFIGURATION FILES:

auth.conf:

auth_mechanisms = plain login passdb { driver = ldap args = /etc/dovecot/dovecot-ldap-passdb.conf.ext } userdb { driver = ldap args = /etc/dovecot/dovecot-ldap-userdb.conf.ext default_fields = uid=vmail gid=vmail home=/var/mail/vmail/%d/%n }

dovecot-ldap-passdb.conf.ext:

tls = yes hosts = DC1.fv.lan base = ou=Frigoveneta,dc=fv,dc=lan auth_bind = yes auth_bind_userdn = %u

dovecot-ldap-userdb.conf.ext:

tls = yes hosts = DC1.fv.lan base = ou=Frigoveneta,dc=fv,dc=lan dn = ##removed## dnpass = ##removed## user_filter = (&(userPrincipalName=%u))