Hello guys,

actually I'm trying to configure dovecot to access openldap for
password check.
My openldap only allows access over "secure ldap".
The dovecot can communicate with the openldap server but there is maybe
a failure in the SSL handshake.
Additional information you can find in the logs or in the dump below.
Also I have my ldap config from dovecot in the links below.

I have already created a bug report in the system of openldap but
the answer was to get support from her.

All data links:
https://gwarband.de/openldap/dovecot.log
https://gwarband.de/openldap/dovecot-ldap.conf
https://gwarband.de/openldap/openldap.log
https://gwarband.de/openldap/trace.dump

The bug report link from openldap:
http://www.openldap.org/its/index.cgi/Incoming?id=8615

I hope you can help me.

Regards.
Tobias Warband

Hi,

been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the
unix socket on the same machine, but tried over inet with STARTTLS and
it's working ok...

I would suggest double-checking the key/certs setup on the OpenLDAP side;
for the test I have used LE certs, utilizing the following cn=config
attributes:

  olcTLSCertificateKeyFile contains private key
  olcTLSCertificateFile contains certificate
  olcTLSCACertificateFile contains both certs (DST Root CA X3
                          and Let's Encrypt Authority X3)

and used the same CA file in Dovecot's tls_ca_cert_file

Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?

Hope that helps, good luck ;)
Tomas

On 03/17/2017 04:27 PM, info at gwarband.de wrote:
> Hello guys,
>
> actually I'm trying to configure dovecot to access openldap for
> password check.
> My openldap only allows access over "secure ldap".
> The dovecot can communicate with the openldap server but there is maybe
> a failure in the SSL handshake.
> Additional information you can find in the logs or in the dump below.
> Also I have my ldap config from dovecot in the links below.
>
> I have already created a bug report in the system of openldap but
> the answer was to get support from her.
>
> All data links:
> https://gwarband.de/openldap/dovecot.log
> https://gwarband.de/openldap/dovecot-ldap.conf
> https://gwarband.de/openldap/openldap.log
> https://gwarband.de/openldap/trace.dump
>
> The bug report link from openldap:
> http://www.openldap.org/its/index.cgi/Incoming?id=8615
>
> I hope you can help me.
>
> Regards.
> Tobias Warband

Hello,

I have also installed LE certs. But nothing helps, I have double-checked
all certs.

ldapsearch with -ZZ works, see:
https://gwarband.de/openldap/ldapsearch.log

I have also uploaded the TLSCACertificateFile, maybe I have a failure in
the merge of the two files:
https://gwarband.de/openldap/LetsEncrypt.crt

And also I have uploaded my complete openldap configuration:
https://gwarband.de/openldap/openldap.conf

All other components can work and communicate with my openldap server.
The components are postfix, openxchange, apache (phpldapadmin).

My installed software is:
Debian 8
OpenLDAP 2.4.40
Dovecot 2.2.13

I hope you can find the issue.

Thanks,
Tobias

On 2017-03-17 22:48, Tomas Habarta wrote:
> Hi,
>
> been running Dovecot 2.2.27 against OpenLDAP 2.4.40 normally over the
> unix socket on the same machine, but tried over inet with STARTTLS and
> it's working ok...
>
> I would suggest double-checking the key/certs setup on the OpenLDAP side;
> for the test I have used LE certs, utilizing the following cn=config
> attributes:
>
>   olcTLSCertificateKeyFile contains private key
>   olcTLSCertificateFile contains certificate
>   olcTLSCACertificateFile contains both certs (DST Root CA X3
>                           and Let's Encrypt Authority X3)
>
> and used the same CA file in Dovecot's tls_ca_cert_file
>
> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?
>
> Hope that helps, good luck ;)
> Tomas
>
> On 03/17/2017 04:27 PM, info at gwarband.de wrote:
>> Hello guys,
>>
>> actually I'm trying to configure dovecot to access openldap for
>> password check.
>> My openldap only allows access over "secure ldap".
>> The dovecot can communicate with the openldap server but there is
>> maybe a failure in the SSL handshake.
>> Additional information you can find in the logs or in the dump below.
>> Also I have my ldap config from dovecot in the links below.
>>
>> I have already created a bug report in the system of openldap but
>> the answer was to get support from her.
>>
>> All data links:
>> https://gwarband.de/openldap/dovecot.log
>> https://gwarband.de/openldap/dovecot-ldap.conf
>> https://gwarband.de/openldap/openldap.log
>> https://gwarband.de/openldap/trace.dump
>>
>> The bug report link from openldap:
>> http://www.openldap.org/its/index.cgi/Incoming?id=8615
>>
>> I hope you can help me.
>>
>> Regards.
>> Tobias Warband
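
Added example, not written by any poster in this thread: a stdlib-only Python check for a CA file built by joining two PEM certificates, as done above for olcTLSCACertificateFile and Dovecot's tls_ca_cert_file. It tests PEM framing and DER length only, not signatures or the trust chain; the function names and the sample bundles are constructed for illustration.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def _is_der_sequence(b64_text):
    """True if the text is strict base64 for one complete DER SEQUENCE."""
    try:
        der = base64.b64decode(b64_text, validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return False
    if len(der) < 2 or der[0] != 0x30:      # certificates start with SEQUENCE
        return False
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1] == len(der)
    k = der[1] & 0x7F                       # long form: k length bytes follow
    size = int.from_bytes(der[2:2 + k], "big")
    return k > 0 and 2 + k + size == len(der)

def check_ca_bundle(text):
    """Return (well_formed_blocks, problems) for a concatenated PEM CA file."""
    count, problems, body = 0, [], None     # body is None outside a block
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if END in line and BEGIN in line:
            # The first file had no trailing newline when the two were joined.
            problems.append(f"line {lineno}: END and BEGIN fused on one line")
            body = []                       # drop damaged block, start the next
        elif line == BEGIN:
            if body is not None:
                problems.append(f"line {lineno}: BEGIN inside an open block")
            body = []
        elif line == END:
            if body is None:
                problems.append(f"line {lineno}: END without BEGIN")
            elif _is_der_sequence("".join(body)):
                count += 1
            else:
                problems.append(f"line {lineno}: body is not one complete DER object")
            body = None
        elif body is not None:
            body.append(line)
    if body is not None:
        problems.append("end of file: certificate block never closed")
    return count, problems

BLOCK = f"{BEGIN}\nMAMCAQE=\n{END}\n"  # constructed placeholder DER, not a real cert
GOOD_BUNDLE = BLOCK + BLOCK                 # two files joined, newline intact
FUSED_BUNDLE = BLOCK.rstrip("\n") + BLOCK   # first file lacked its final newline
```

For a bundle of two certificates, `check_ca_bundle` should return a count of 2 and an empty problem list; anything else points at the merge rather than at the TLS settings.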