I managed to configure Dovecot to use a local OpenLDAP server to authenticate clients, without using SSL. However, I would rather that LDAP is accessed using SSL, but I cannot get Dovecot to connect. All that I did was change "uris" to "ldaps://localhost", and this appears in the maillog: Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: Can't contact LDAP server Is there additional configuration that is needed for SSL? Note that I altered the slapd.conf file from not requiring SSL to requiring SSL when I changed the "uris" parameter. And, of course, accessing the directory using ldapsearch works just fine. It seems that there's only a problem when using SSL, but I don't know how to debug it. Thanks n
On Sun, 2007-03-18 at 13:26 -0700, Nathan Fiedler wrote:> Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up > Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: > Can't contact LDAP serverThe LDAP code was half rewritten in rc18, so you could try if a newer version fixes it (but I can't say for sure that it does). If you're using auth_bind=yes, rc15 will hang pretty easily with heavy load. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070318/9d09c919/attachment.bin>
s?n, 18.03.2007 kl. 13.26 -0700, skrev Nathan Fiedler:> I managed to configure Dovecot to use a local OpenLDAP server to > authenticate clients, without using SSL. However, I would rather that > LDAP is accessed using SSL, but I cannot get Dovecot to connect. All > that I did was change "uris" to "ldaps://localhost", and this appears in > the maillog: > > Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up > Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: > Can't contact LDAP server > > Is there additional configuration that is needed for SSL? > > Note that I altered the slapd.conf file from not requiring SSL to > requiring SSL when I changed the "uris" parameter. And, of course, > accessing the directory using ldapsearch works just fine. It seems that > there's only a problem when using SSL, but I don't know how to debug it.I have been using ldaps with dovecot since 0.99.x, and now with rc27 without problems. But I have never used auth_bind (yet, it's on my todo). -Stian
Hi, El Domingo, 18 de Marzo de 2007 21:26, Nathan Fiedler escribi?:> Mar 18 12:53:00 server dovecot: Dovecot v1.0.rc15 starting up > Mar 18 12:53:01 server dovecot: auth(default): ldap_bind((null)) failed: > Can't contact LDAP server > > Is there additional configuration that is needed for SSL?Maybe your client ldap libraries don't know the server certificate you're using, and so they reject to begin the connection. Try adding TLS_REQCERT allow to your ldap.conf file and try again. HTH Aaaaaaaaagur. -- Joseba Torre. CIDIR Bizkaia.