[Dovecot] authenticating with LDAP and SSL
I managed to configure Dovecot to use a local OpenLDAP server to authenticate clients, without using SSL. However, I would rather that LDAP is accessed using SSL, but I cannot get Dovecot to connect. All that I did was change "uris" to "ldaps://localhost", and this appears in the maillog:
Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up
Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: Can't contact LDAP server
Is there additional configuration that is needed for SSL?
Note that I altered the slapd.conf file from not requiring SSL to requiring SSL when I changed the "uris" parameter. And, of course, accessing the directory using ldapsearch works just fine. It seems that there's only a problem when using SSL, but I don't know how to debug it.
Thanks
n
On Sun, 2007-03-18 at 13:26 -0700, Nathan Fiedler wrote:
> Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up
> Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: Can't contact LDAP server
The LDAP code was half rewritten in rc18, so you could try if a newer version fixes it (but I can't say for sure that it does). If you're using auth_bind=yes, rc15 will hang pretty easily with heavy load.
Sun, 18.03.2007 at 13.26 -0700, Nathan Fiedler wrote:
> I managed to configure Dovecot to use a local OpenLDAP server to authenticate clients, without using SSL. However, I would rather that LDAP is accessed using SSL, but I cannot get Dovecot to connect. All that I did was change "uris" to "ldaps://localhost", and this appears in the maillog:
> Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up
> Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: Can't contact LDAP server
> Is there additional configuration that is needed for SSL?
> Note that I altered the slapd.conf file from not requiring SSL to requiring SSL when I changed the "uris" parameter. And, of course, accessing the directory using ldapsearch works just fine. It seems that there's only a problem when using SSL, but I don't know how to debug it.
I have been using ldaps with dovecot since 0.99.x, and now with rc27 without problems. But I have never used auth_bind (yet, it's on my todo).
-Stian
Hi,
On Sunday, 18 March 2007 21:26, Nathan Fiedler wrote:
> Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up
> Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: Can't contact LDAP server
> Is there additional configuration that is needed for SSL?
Maybe your client LDAP libraries don't know the server certificate you're using, and so they refuse to begin the connection. Try adding
TLS_REQCERT allow
to your ldap.conf file and try again.
HTH
Aaaaaaaaagur.
Joseba Torre. CIDIR Bizkaia.
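Per ldap.conf(5), `TLS_REQCERT allow` lets the session proceed even when the server certificate is missing or cannot be verified, so it is useful for confirming that certificate trust is the cause of the error, while the lasting fix is to point `TLS_CACERT` at the CA that signed the server certificate and keep the default `demand` level. The following Python script is an added example, not part of the original thread: it audits the text of an OpenLDAP client ldap.conf for that state. The sample file contents and the CA path are constructed, and the parser assumes that a later occurrence of an option replaces an earlier one.

```python
"""Audit an OpenLDAP client ldap.conf for weak TLS certificate checking."""

# TLS_REQCERT levels per ldap.conf(5); the library default is "demand".
WEAK_LEVELS = {
    "never": "server certificate is not requested or checked",
    "allow": "session proceeds even if the certificate is missing or bad",
    "try": "session proceeds if the server sends no certificate",
}
STRICT_LEVELS = {"demand", "hard"}


def parse_ldap_conf(text):
    """Return {OPTION: value}; names are upper-cased (case-insensitive)."""
    options = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        # Assumption: a later occurrence of an option replaces an earlier one.
        options[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return options


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_ldap_conf(text)
    findings = []
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level in WEAK_LEVELS:
        findings.append(f"TLS_REQCERT {level}: {WEAK_LEVELS[level]}")
    elif level not in STRICT_LEVELS:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR set in this file")
    return findings


# Constructed samples: the workaround from the thread, then a verifying setup
# (the CA file path is a placeholder).
WORKAROUND = "# ldap.conf\nURI ldaps://localhost\nTLS_REQCERT allow\n"
VERIFIED = (
    "URI ldaps://localhost\n"
    "TLS_CACERT /path/to/ca-cert.pem\n"
    "tls_reqcert demand\n"
)

if __name__ == "__main__":
    for label, conf in (("workaround", WORKAROUND), ("verified", VERIFIED)):
        print(label, audit(conf) or "ok")
```

The audit reads one file only; the same options can also come from a per-user `.ldaprc` or `LDAPTLS_*` environment variables.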
Participants (4): Joseba Torre, Nathan Fiedler, Stian Jordet, Timo Sirainen