Dovecot can't connect to openldap over starttls

info at gwarband.de info at gwarband.de
Sat Mar 18 10:41:13 EET 2017


Hello,

I have also installed LE certs.
But nothing helps; I have double-checked all certs.

ldapsearch with -ZZ works, see:
https://gwarband.de/openldap/ldapsearch.log

I have also uploaded the TLSCACertificateFile, maybe I have a failure 
in the merge of the two files:
https://gwarband.de/openldap/LetsEncrypt.crt

And also I have uploaded my complete openldap configuration:
https://gwarband.de/openldap/openldap.conf

All other components can work and communicate with my openldap server.
The components are postfix, openxchange, apache (phpldapadmin).

My installed software is:
Debian 8
OpenLDAP 2.4.40
Dovecot 2.2.13

I hope you can find the issue.

Thanks,
Tobias

On 2017-03-17 22:48, Tomas Habarta wrote:
> Hi,
> 
> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the
> unix socket on the same machine, but tried over inet with STARTTLS and
> it's working ok...
> 
> I would suggest double-checking key/certs setup on OpenLDAP side; for
> the test I have used LE certs, utilizing following cn=config 
> attributes:
> 
> olcTLSCertificateKeyFile   contains private key
> olcTLSCertificateFile      contains certificate
> olcTLSCACertificateFile    contains both certs (DST Root CA X3
>                            and Let's Encrypt Authority X3)
> 
> and used the same CA file in Dovecot's tls_ca_cert_file
> 
> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?
> 
> 
> 
> Hope that helps, good luck ;)
> Tomas
> 
> 
> On 03/17/2017 04:27 PM, info at gwarband.de wrote:
>> Hello guys,
>> 
>> actually I'm trying to configure dovecot to access openldap for
>> password check.
>> My openldap only allows access over "secure ldap".
>> The dovecot can communicate with the openldap server but there is
>> maybe a failure in the ssl handshake.
>> Additional information you can find in the logs or in the dump below.
>> Also I have my ldap config from dovecot in the links below.
>> 
>> I have already created a bug report in the system of openldap but
>> the answer was to get support from here.
>> 
>> All data links:
>> https://gwarband.de/openldap/dovecot.log
>> https://gwarband.de/openldap/dovecot-ldap.conf
>> https://gwarband.de/openldap/openldap.log
>> https://gwarband.de/openldap/trace.dump
>> 
>> The bug report link from openldap:
>> http://www.openldap.org/its/index.cgi/Incoming?id=8615
>> 
>> I hope you can help me.
>> 
>> Regards.
>> Tobias Warband
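As an added example (not part of this thread, and not Dovecot's or OpenLDAP's own tooling), here is a small POSIX shell check for the merged CA bundle Tomas describes (the file used as olcTLSCACertificateFile on the server and tls_ca_cert_file in Dovecot). It catches the classic concatenation mistakes: two PEM files joined without a newline so that an END marker and the next BEGIN marker land on one line, or a BEGIN without its END. The sample bundles it builds are constructed placeholders with dummy base64 bodies, not real certificates; the function and file names are my own.

```shell
#!/bin/sh
# Sanity-check a merged PEM CA bundle (e.g. intermediate + root as used for
# olcTLSCACertificateFile / tls_ca_cert_file). Added example, not from the thread.

# Print the number of well-formed certificate blocks in the file given as $1.
# Return 1 (and say why on stderr) if the file is structurally broken.
pem_cert_count() {
    f="$1"
    # Every BEGIN/END marker must occupy a line by itself. A marker glued to
    # the previous line (files concatenated without a trailing newline) fails.
    if grep -n 'CERTIFICATE-----' "$f" \
        | grep -Eqv '^[0-9]+:-----(BEGIN|END) CERTIFICATE-----$'; then
        echo "malformed marker line in $f (missing newline between certs?)" >&2
        return 1
    fi
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$f" || true)
    if [ "$begins" -ne "$ends" ]; then
        echo "unbalanced BEGIN/END markers in $f ($begins/$ends)" >&2
        return 1
    fi
    echo "$begins"
}

# Rewrite bundle $1 into $2 with a newline reinserted before every BEGIN
# marker and empty lines removed, which repairs the glued-marker case.
normalize_bundle() {
    awk '{ gsub(/-----BEGIN CERTIFICATE-----/, "\n&"); print }' "$1" \
        | sed '/^$/d' > "$2"
}

# Build constructed sample bundles in a temp dir and print its path.
# The bodies are placeholder base64, not real certificates.
make_samples() {
    dir=$(mktemp -d)
    # "intermediate" deliberately lacks a trailing newline, as a file saved
    # from a browser often does.
    printf -- '-----BEGIN CERTIFICATE-----\nQUFBQUFB\n-----END CERTIFICATE-----' \
        > "$dir/intermediate.pem"
    printf -- '-----BEGIN CERTIFICATE-----\nQkJCQkJC\n-----END CERTIFICATE-----\n' \
        > "$dir/root.pem"
    # Naive merge: END and BEGIN markers end up on the same line.
    cat "$dir/intermediate.pem" "$dir/root.pem" > "$dir/bad-bundle.pem"
    # Correct merge: a newline separates the two blocks.
    { cat "$dir/intermediate.pem"; echo; cat "$dir/root.pem"; } > "$dir/good-bundle.pem"
    echo "$dir"
}

# Run with --demo to see both bundles checked; pass any real bundle path to
# pem_cert_count to check your own file.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_samples)
    for b in good-bundle bad-bundle; do
        if n=$(pem_cert_count "$d/$b.pem"); then
            echo "$b: $n certificate(s)"
        else
            echo "$b: broken"
        fi
    done
fi
```

A bundle that passes this check and reports two certificates matches the layout Tomas lists (DST Root CA X3 plus Let's Encrypt Authority X3); if it reports one, the merge dropped a file, and if it fails outright, running normalize_bundle on it and retrying is usually enough.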

