Dovecot can't connect to openldap over starttls

Tomas Habarta lists+dovecot at tocc.cz
Fri Mar 17 23:48:09 EET 2017


Hi,

been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the
unix socket on the same machine, but tried over inet with STARTTLS and
it's working ok...

I would suggest double-checking key/certs setup on OpenLDAP side; for
the test I have used LE certs, utilizing following cn=config attributes:

olcTLSCertificateKeyFile	contains private key
olcTLSCertificateFile		contains certificate
olcTLSCACertificateFile		contains both certs (DST Root CA X3
				and Let's Encrypt Authority X3)

and used the same CA file in Dovecot's tls_ca_cert_file

Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?



Hope that helps, good luck ;)
Tomas


On 03/17/2017 04:27 PM, info at gwarband.de wrote:
> Hello guys,
> 
> actually I'm trying to configure dovecot to access openldap for
> password check.
> My openldap only allows access over "secure ldap".
> The dovecot can communicate with the openldap server but there is maybe
> a failure in the SSL handshake.
> Additional information you can find in the logs or in the dump below.
> Also I have my ldap config from dovecot in the links below.
> 
> I have already created a bug report in the system of openldap but
> the answer was to get support from her.
> 
> All data links:
> https://gwarband.de/openldap/dovecot.log
> https://gwarband.de/openldap/dovecot-ldap.conf
> https://gwarband.de/openldap/openldap.log
> https://gwarband.de/openldap/trace.dump
> 
> The bug report link from openldap:
> http://www.openldap.org/its/index.cgi/Incoming?id=8615
> 
> I hope you can help me.
> 
> Regards.
> Tobias Warband
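
Added example (not part of the original messages, and not Dovecot or OpenLDAP project code): a small checker for the TLS settings in a dovecot-ldap.conf that flags the mismatches worth ruling out before looking at the certificates themselves. The sample configs, the host name ldap.example.org and the CA path are constructed placeholders.

```python
import re

WEAK_VERIFY = {"never", "allow", "try"}  # tolerate an unverifiable server cert

# Constructed sample inputs; host name and CA path are placeholders.
SAMPLE_GOOD = """\
uris = ldap://ldap.example.org
tls = yes
tls_ca_cert_file = /path/to/ca-chain.pem
tls_require_cert = demand
"""
SAMPLE_WEAK = """\
# ldaps:// and STARTTLS mixed, no CA, verification off
uris = ldaps://ldap.example.org
tls = yes
tls_require_cert = never
"""

def parse_conf(text):
    """Return {key: value} for 'key = value' lines; '#' lines are comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"([A-Za-z_]+)\s*=\s*(.*)$", line)
        if m and not line.startswith("#"):
            settings[m.group(1)] = m.group(2).strip()
    return settings

def check_starttls(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_conf(text)
    uris = s.get("uris", "").split()
    starttls = s.get("tls", "no").lower() == "yes"
    ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    plain = "hosts" in s or any(u.lower().startswith("ldap://") for u in uris)
    findings = []
    if ldaps and starttls:
        findings.append("ldaps:// with tls = yes: STARTTLS requested on an already-TLS connection")
    if plain and not starttls:
        findings.append("ldap:// without tls = yes: bind and lookups are sent unencrypted")
    if (ldaps or starttls) and not (s.get("tls_ca_cert_file") or s.get("tls_ca_cert_dir")):
        findings.append("no tls_ca_cert_file or tls_ca_cert_dir set in this file")
    if s.get("tls_require_cert", "").lower() in WEAK_VERIFY:
        findings.append("tls_require_cert = %s: server certificate is not enforced" % s["tls_require_cert"])
    return findings

if __name__ == "__main__":
    for name, conf in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(name, check_starttls(conf) or "OK")
```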

