Hi,
I want Dovecot to connect to OpenLDAP with SSL/TLS, and I get an error.
Without TLS/SSL, it works OK.
From /var/log/maillog I got:
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed:
Connect error
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed:
Can't contact LDAP server
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed:
Can't contact LDAP server
Sep 24 05:38:05 mail dovecot: pop3-login: Disconnected (auth failed, 1
attempts in 2 secs): user=<muyuan>, method=PLAIN, rip=192.168.100.99,
lip=10.10.120.20, TLS: Disconnected, session=<wSvD1RPnWwDAqGRj>
Sep 24 05:38:11 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed:
Can't contact LDAP server
Sep 24 05:38:13 mail dovecot: pop3-login: Disconnected (auth failed, 1
attempts in 6 secs): user=<muyuan>, method=PLAIN, rip=192.168.100.99,
lip=10.10.120.20, TLS: Disconnected, session=<2T761RPnXADAqGRj>
But when I use ldapsearch, it also seems OK.
I use this from the Dovecot host:
ldapsearch -D "cn=dovecot,ou=bindusers,dc=smuy,dc=net" -W -H ldap://ldap.sv.hm -b "ou=accounts,dc=smuy,dc=net" -ZZ
It works OK.
So I have no idea where to check.
Or how can I get a more detailed log from Dovecot for that connection?
Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed:
Connect error
Since ldapsearch works well with both TLS/SSL, why does Dovecot get a connect error?
What exactly happens in this connection?
Here is my dovecot-ldap.conf.ext:
# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-ldap.conf.ext
# Space separated list of LDAP hosts to use. host:port is allowed too.
#hosts = ldap.sv.hm
#uris = ldaps://ldap.sv.hm:636/
uris = ldap://ldap.sv.hm:389/
dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net
dnpass = 1qaz2wsx
#sasl_bind = no
#sasl_mech
#sasl_realm
#sasl_authz_id
# Use TLS to connect to the LDAP server.
tls = yes
#tls = no
tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_cipher_suite
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/mail.crt
#tls_key_file = /etc/ssl/private/mail.key
# Valid values: never, hard, demand, allow, try
#tls_require_cert = never
Hope to see some suggestions!
Many thanks!
muyuan
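The error above comes from ldap_start_tls_s(), which does two things: it sends an LDAP StartTLS extended request over the plain port-389 connection, and then runs a TLS handshake on that socket. The following is an added diagnostic script, not part of the original post or of Dovecot, that replays those two steps separately with the same CA file Dovecot is given (tls_ca_cert_file), so you can see whether the LDAP server refuses StartTLS or whether the certificate chain or hostname check fails. The host, port and CA path at the bottom are taken from the posted config; everything else is constructed.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation


def build_starttls_request(msg_id: int = 1) -> bytes:
    """BER-encode LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + bytes([len(name)]) + name                     # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + ext                    # INTEGER messageID + op
    return b"\x30" + bytes([len(body)]) + body                    # outer SEQUENCE


def parse_extended_response(data: bytes) -> tuple[int, str]:
    """Return (resultCode, errorMessage) from an ExtendedResponse [APPLICATION 24]."""
    if data[:1] != b"\x30" or data[2:3] != b"\x02":
        raise ValueError("not an LDAPMessage")
    p = 4 + data[3]                               # skip messageID
    if data[p] != 0x78 or data[p + 2:p + 4] != b"\x0a\x01":
        raise ValueError("not an ExtendedResponse")
    code = data[p + 4]                            # ENUMERATED resultCode (0 = success)
    p += 5
    p += 2 + data[p + 1]                          # skip matchedDN OCTET STRING
    err = data[p + 2:p + 2 + data[p + 1]]         # errorMessage OCTET STRING
    return code, err.decode("utf-8", "replace")


def probe_starttls(host: str, port: int, ca_file: str, timeout: float = 5.0) -> str:
    """Replay what ldap_start_tls_s() does and report which step fails."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        code, err = parse_extended_response(sock.recv(4096))
        if code != 0:
            return f"server refused StartTLS: resultCode={code} {err!r}"
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return f"StartTLS OK: {tls.version()} subject={cert.get('subject')}"
        except ssl.SSLCertVerificationError as e:
            return f"certificate rejected: {e.verify_message}"  # wrong CA or hostname
        except ssl.SSLError as e:
            return f"TLS handshake failed: {e}"


if __name__ == "__main__":
    # Values from the posted dovecot-ldap.conf.ext; run this on the Dovecot host.
    print(probe_starttls("ldap.sv.hm", 389, "/etc/ssl/certs/ca/signing-ca.crt"))
```

If it prints "certificate rejected", the LDAP server's certificate does not chain to signing-ca.crt or its subject/SAN does not match ldap.sv.hm, which ldapsearch may tolerate depending on TLS_REQCERT in ldap.conf while Dovecot does not.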