Dovecot not connecting to OpenLDAP

Steffen Kaiser skdovecot at inf.h-brs.de
Thu May 16 09:07:14 EEST 2019



On Wed, 15 May 2019, Elias Falconi via dovecot wrote:

> 2019-05-15 16:27:43 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext:
> ldap_start_tls_s() failed: Can't contact LDAP server
> 2019-05-15 16:39:36 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext:
> ldap_start_tls_s() failed: Connect error
> 2019-05-15 16:39:43 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext:
> ldap_start_tls_s() failed: Local error
>
> # Space separated list of LDAP hosts to use. host:port is allowed too.
> hosts = 139.147.9.135
>
> # Use TLS to connect to the LDAP server.
> tls = yes
> # TLS options, currently supported only with OpenLDAP:
> #tls_ca_cert_file =/etc/ssl/certs/ldap.crt
> tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem

> # is still used, only the password field is ignored in it. Before doing any
> # search, the binding is switched back to the default DN.
> auth_bind = yes
>
> # For example:
> #   auth_bind_userdn = cn=%u,ou=people,o=org
> #
> #auth_bind_userdn =
>

are you sure these settings fit each other?

a) IP address, but force tls with cert
-> is the IP address part of the alternate subjects of the cert?

you seem to use STARTTLS
https://docs.oracle.com/cd/E22289_01/html/821-1273/testing-ssl-starttls-and-sasl.html

b) once you've sorted TLS out, it looks like auth_bind conflicts with 
auth_bind_userdn


-- 
Steffen Kaiser
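An added example for point a) above, not part of the original thread and not code from Dovecot or OpenLDAP: it reproduces, offline, the certificate check a TLS client makes when it reaches an LDAP server by bare IP address (as with "hosts = 139.147.9.135" and "tls = yes"). It builds two self-signed test certificates, one whose subjectAltName carries the IP and one that carries only a DNS name, and runs the same SAN matching openssl (and libldap) would apply. ldap.example.com is a placeholder; 139.147.9.135 is the address from the quoted config; openssl 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example (not from the original posters, Dovecot or OpenLDAP):
# why "hosts = <IP>" plus "tls = yes" fails unless the IP is a SAN entry.
# Assumes openssl >= 1.1.1 (-addext, -starttls ldap). ldap.example.com is a
# placeholder name; 139.147.9.135 is the address from the quoted config.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Two self-signed server certificates as constructed test data:
#   good.pem  SAN carries both the DNS name and the IP clients dial
#   bad.pem   SAN carries only the DNS name (the common omission)
make_cert() {  # $1 = basename, $2 = subjectAltName value
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.com" -addext "subjectAltName=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}
make_cert good "DNS:ldap.example.com,IP:139.147.9.135"
make_cert bad  "DNS:ldap.example.com"

# Print yes/no: does the certificate list this IP in subjectAltName?
# A client that dials an IP is matched against "IP Address:" SAN entries
# only; the CN and DNS entries do not count for an IP connection.
cert_has_san_ip() {  # $1 = cert file, $2 = IP
    if openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -qwF -- "IP Address:$2"; then
        echo yes
    else
        echo no
    fi
}

# Chain + name verification as a TLS client performs it, with the
# self-signed cert trusted as its own CA. Exit 0 = handshake would pass.
verify_for_ip() {   # $1 = cert file, $2 = IP the client dials
    openssl verify -CAfile "$1" -verify_ip "$2" "$1" >/dev/null 2>&1
}
verify_for_name() { # $1 = cert file, $2 = hostname the client dials
    openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# The same check against a live server (not run here: needs network).
# -starttls ldap performs the STARTTLS upgrade that ldap_start_tls_s() does;
# -verify_return_error turns a SAN mismatch into a failed handshake rather
# than a warning, which is what the Dovecot auth process sees.
check_live_ldap_ip() {  # $1 = IP, $2 = port, $3 = CA file (tls_ca_cert_file)
    openssl s_client -connect "$1:$2" -starttls ldap -CAfile "$3" \
        -verify_ip "$1" -verify_return_error </dev/null
}

for c in good bad; do
    printf '%s: IP in SAN=%s' "$c" "$(cert_has_san_ip "$WORK/$c.pem" 139.147.9.135)"
    if verify_for_ip "$WORK/$c.pem" 139.147.9.135; then
        printf ' verify(139.147.9.135)=OK'
    else
        printf ' verify(139.147.9.135)=FAIL'
    fi
    if verify_for_name "$WORK/$c.pem" ldap.example.com; then
        printf ' verify(ldap.example.com)=OK\n'
    else
        printf ' verify(ldap.example.com)=FAIL\n'
    fi
done
```

bad.pem fails for the IP but passes for ldap.example.com, which is the two ways out: either reissue the server certificate with the address in its SAN, or put a name the certificate does carry into "hosts =" (assuming it resolves to the server). check_live_ldap_ip is the command to run against the real server with the file configured as tls_ca_cert_file; a "Connect error" or "Can't contact LDAP server" at that stage points at the listener or firewall rather than at the certificate.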

