Jim Moseby
2010-May-20 13:35 UTC
[Dovecot] LDAP against Novell eDirectory: 'Confidentiality required'
Hi list!
I am trying to get dovecot to authenticate users against Novell eDirectory via
LDAP. I have successfully gotten open-xchange to authenticate, and I have
written a PHP module that authenticates, however I cannot seem to get Dovecot
working.
If I turn on TLS and restart dovecot, I get:
dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s()
failed: Connect error
dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s()
failed: Local error
If I turn it off, it starts without error, but returns this when a user tries to
authenticate:
dovecot: 2010-05-20 08:48:39 Error: auth(default): ldap(jkmoseby,127.0.0.1):
ldap_bind() failed: Confidentiality required
I have tried all combinations of host:port, and LDAP uri strings I can think of,
nothing seems to work.
Thanks in advance, config files follow.
Jim
--------------------------------------------------------
'dovecot -n' returns:
# 1.0.15: /etc/dovecot/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap
login_dir: /var/run/dovecot//login
login_executable: /usr/lib/dovecot/imap-login
login_greeting: EFA mail server ready.
mail_privileged_group: mail
auth default:
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
---------------------------------------------------------
'grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf' returns:
hosts = 10.1.10.200
tls = yes
auth_bind = yes
auth_bind_userdn = cn=%u,o=GSO,o=EFA
base = o=EFA
scope = subtree
user_filter = (&(objectClass=posixAccount)(uid=%u))
Martin Ott
2010-May-20 15:40 UTC
[Dovecot] LDAP against Novell eDirectory: 'Confidentiality required'
Hi Jim, I don't know why your setup is not working. I only can provide you some hints from our working setup. We authenticate our users against a MS Active Directory Server. the uri in dovecot-ldap.conf is: uris = ldaps://hostname we also had to add in /etc/ldap/ldap.conf TLS_CACERT /etc/ssl/certs/certfile.crt TLS_REQCERT demand hope this helps, Martin Am 20.05.2010 15:35, schrieb Jim Moseby:> Hi list! > > I am trying to get dovecot to authenticate users against Novell eDirectory via LDAP. I have successfully gotten open-xchange to authenticate, and I have written a PHP module that authenticates, however I cannot seem to get Dovecot working. > > If I turn on TLS and restart dovecot, I get: > dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Connect error > dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Local error > If I turn it off, it starts without error, but returns this when a user tries to authenticate: > dovecot: 2010-05-20 08:48:39 Error: auth(default): ldap(jkmoseby,127.0.0.1): ldap_bind() failed: Confidentiality required > > I have tried all combinations of host:port, and LDAP uri strings I can think of, nothing seems to work. > > Thanks in advance, config files follow. > > Jim > > -------------------------------------------------------- > > 'dovecot -n' returns: > # 1.0.15: /etc/dovecot/dovecot.conf > base_dir: /var/run/dovecot/ > log_path: /var/log/dovecot.log > info_log_path: /var/log/dovecot.log > log_timestamp: %Y-%m-%d %H:%M:%S > protocols: imap > login_dir: /var/run/dovecot//login > login_executable: /usr/lib/dovecot/imap-login > login_greeting: EFA mail server ready. > mail_privileged_group: mail > auth default: > passdb: > driver: ldap > args: /etc/dovecot/dovecot-ldap.conf > userdb: > driver: ldap > args: /etc/dovecot/dovecot-ldap.conf > --------------------------------------------------------- > > 'grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf' returns: > hosts = 10.1.10.200 > tls = yes > auth_bind = yes > auth_bind_userdn = cn=%u,o=GSO,o=EFA > base = o=EFA > scope = subtree > user_filter = (&(objectClass=posixAccount)(uid=%u)) >