Dovecot can't connect to openldap over starttls
Tomas Habarta
lists+dovecot at tocc.cz
Fri Mar 17 23:48:09 EET 2017
Hi,
been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the
unix socket on the same machine, but tried over inet with STARTTLS and
it's working ok...
I would suggest double-checking key/certs setup on OpenLDAP side; for
the test I have used LE certs, utilizing following cn=config attributes:
olcTLSCertificateKeyFile contains private key
olcTLSCertificateFile contains certificate
olcTLSCACertificateFile contains both certs (DST Root CA X3
and Let's Encrypt Authority X3)
and used the same CA file in Dovecot's tls_ca_cert_file
Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?
Hope that helps, good luck ;)
Tomas
On 03/17/2017 04:27 PM, info at gwarband.de wrote:
> Hello guys,
>
> actually I'm trying to configure dovecot to access openldap for
> passwordcheck.
> My openldap is only allow access over "secure ldap".
> The dovecot can communicate with the openldap server but there is maybe
> a failure in the sslhandshake.
> Additional information you can find in the logs or in the dump below.
> Also I have my ldap config from dovecot in the links below.
>
> I have already created an bug reporting in the system of openldap but
> the answer was to get support from her.
>
> All datalinks:
> https://gwarband.de/openldap/dovecot.log
> https://gwarband.de/openldap/dovecot-ldap.conf
> https://gwarband.de/openldap/openldap.log
> https://gwarband.de/openldap/trace.dump
>
> The bugreportinglink from openldap:
> http://www.openldap.org/its/index.cgi/Incoming?id=8615
>
> I hope you can help me.
>
> Regards.
> Tobias Warband
More information about the dovecot
mailing list