[Dovecot] can't dovecot tls/ssl to openldap

牧原 yuan_mu_muy at hotmail.com
Tue Sep 24 00:54:17 EEST 2013


Hi,

I want Dovecot to connect to OpenLDAP with SSL/TLS, but I get an error.

Without TLS/SSL it works OK.

From /var/log/maillog I got:

Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Connect error
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Sep 24 05:38:05 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<muyuan>, method=PLAIN, rip=192.168.100.99, lip=10.10.120.20, TLS: Disconnected, session=<wSvD1RPnWwDAqGRj>
Sep 24 05:38:11 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
Sep 24 05:38:13 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<muyuan>, method=PLAIN, rip=192.168.100.99, lip=10.10.120.20, TLS: Disconnected, session=<2T761RPnXADAqGRj>

But when I use ldapsearch, it also seems OK.

I run this from the Dovecot host:

ldapsearch -D "cn=dovecot,ou=bindusers,dc=smuy,dc=net" -W -H ldap://ldap.sv.hm -b "ou=accounts,dc=smuy,dc=net" -ZZ

It works OK.

So I have no idea where to check.

Or how can I get a more detailed log from Dovecot for that connection?

Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Connect error

Since both TLS and SSL work well with ldapsearch, why does Dovecot get a connect error?

What is happening in detail in this connection?

Here is my dovecot-ldap.conf.ext:

# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-ldap.conf.ext

# Space separated list of LDAP hosts to use. host:port is allowed too.
#hosts = ldap.sv.hm
#uris = ldaps://ldap.sv.hm:636/
uris = ldap://ldap.sv.hm:389/
dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net
dnpass = 1qaz2wsx

#sasl_bind = no
#sasl_mech =
#sasl_realm =
#sasl_authz_id =

# Use TLS to connect to the LDAP server.
tls = yes
#tls = no
tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/mail.crt
#tls_key_file = /etc/ssl/private/mail.key
# Valid values: never, hard, demand, allow, try
#tls_require_cert = never

Hoping to see some suggestions!

Many thanks!

muyuan
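Added example, not part of this mailing-list post and not Dovecot or OpenLDAP code: a small Python probe that performs the same two steps ldap_start_tls_s() performs on a plain ldap://...:389 connection, namely the LDAPv3 StartTLS ExtendedRequest, the server's ExtendedResponse, and then a TLS handshake on the same socket verified against the CA file from the config above (roughly what tls_require_cert = demand asks of libldap). Separating the two steps matters for the "Connect error" in the log: libldap typically reports that when the StartTLS operation itself was accepted but the TLS handshake or certificate verification that follows fails. The host, port and CA path are assumptions taken from the config in the post; the two sample server replies are constructed to exercise the parser offline and are not captured from the poster's server.

```python
import socket
import ssl
import sys

# OID of the LDAPv3 StartTLS extended operation (RFC 4511 section 4.14).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

# A few LDAP resultCode values (RFC 4511 appendix A) that show up in StartTLS replies.
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError", 52: "unavailable"}


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_int(n: int) -> bytes:
    """Minimal two's-complement INTEGER contents (messageID is always positive)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True)


def ber_tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value triple."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_read(buf: bytes, pos: int = 0):
    """Decode the TLV starting at buf[pos]; returns (tag, contents, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName [0] = StartTLS OID } }."""
    request_name = ber_tlv(0x80, STARTTLS_OID)     # [0] context-specific, primitive
    ext_request = ber_tlv(0x77, request_name)       # [APPLICATION 23] constructed
    return ber_tlv(0x30, ber_tlv(0x02, ber_int(message_id)) + ext_request)


def parse_extended_response(msg: bytes) -> dict:
    """Pull messageID, resultCode, diagnosticMessage and responseName out of an ExtendedResponse."""
    tag, body, _ = ber_read(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    _, mid, pos = ber_read(body)                    # INTEGER messageID
    op_tag, op, _ = ber_read(body, pos)
    if op_tag != 0x78:                              # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % op_tag)
    _, code, pos = ber_read(op)                     # ENUMERATED resultCode
    _, _, pos = ber_read(op, pos)                   # LDAPDN matchedDN (not needed here)
    _, diag, pos = ber_read(op, pos)                # LDAPString diagnosticMessage
    name = None
    while pos < len(op):                            # optional trailing fields
        t, v, pos = ber_read(op, pos)
        if t == 0x8A:                               # [10] responseName
            name = v
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big", signed=True), "result_code": rc,
            "result_name": RESULT_NAMES.get(rc, "other"),
            "diagnostic": diag.decode("utf-8", "replace"), "response_name": name}


# Constructed sample replies (not captured from any real server): one success, one refusal.
SAMPLE_OK = ber_tlv(0x30, ber_tlv(0x02, b"\x01") + ber_tlv(0x78,
    ber_tlv(0x0A, b"\x00") + ber_tlv(0x04, b"") + ber_tlv(0x04, b"") + ber_tlv(0x8A, STARTTLS_OID)))
SAMPLE_REFUSED = ber_tlv(0x30, ber_tlv(0x02, b"\x01") + ber_tlv(0x78,
    ber_tlv(0x0A, b"\x34") + ber_tlv(0x04, b"") + ber_tlv(0x04, b"TLS not supported")))


def recv_ldap_message(sock: socket.socket) -> bytes:
    """Read exactly one BER-framed LDAPMessage, however recv() happens to chunk it."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection before replying")
        data += chunk
        if len(data) < 2:
            continue
        first = data[1]
        header = 2 if first < 0x80 else 2 + (first & 0x7F)
        if len(data) < header:
            continue
        total = header + (first if first < 0x80 else int.from_bytes(data[2:header], "big"))
        if len(data) >= total:
            return data[:total]


def probe_starttls(host: str, port: int, cafile: str, timeout: float = 5.0) -> dict:
    """Mirror ldap_start_tls_s(): StartTLS extended op, then a verified TLS handshake on the same socket."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain and hostname checks, like tls_require_cert = demand
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        resp = parse_extended_response(recv_ldap_message(sock))
        if resp["result_code"] != 0:                # server refused StartTLS on this listener
            return {"stage": "starttls-extop", **resp}
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return {"stage": "ok", "cipher": tls.cipher()[0],
                        "subject": tls.getpeercert().get("subject")}
        except ssl.SSLError as exc:
            # StartTLS was accepted but the handshake/verification failed: the stage
            # at which libldap reports ldap_start_tls_s() "Connect error".
            return {"stage": "tls-handshake", "error": str(exc)}


if __name__ == "__main__":
    # Values from the post's config, assumed: python3 probe.py ldap.sv.hm 389 /etc/ssl/certs/ca/signing-ca.crt
    print(probe_starttls(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Run from the Dovecot host against the same URI the config uses. A result with stage "tls-handshake" points at the CA chain or at a mismatch between the name in the server certificate and ldap.sv.hm, whereas "starttls-extop" means slapd itself refused StartTLS on that listener. For the log-detail question, dovecot-ldap.conf.ext also accepts debug_level = -1, which turns on libldap's own debug output for the auth process.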