info at gwarband.de
2017-Mar-20 15:28 UTC
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
Can somebody say something about this request?

This is an email from the openldap-technical mailing list from openldap.

System details are mentioned in the other email.

-------- Original Message --------
Subject: Re: Dovecot can't connect to openldap over starttls
Date: 2017-03-20 16:18
From: Dan White <dwhite at cafedemocracy.org>
To: info at gwarband.de
Cc: openldap-technical at openldap.org

On 03/20/17 16:06 +0100, info at gwarband.de wrote:
>> Debug Dovecot's implementation of ldap_start_tls_s().
> I don't have any idea how to set a higher debug level to dovecot. In
> my opinion I have the highest. So I can't deliver a greater log.

I recommend consulting Dovecot's advice on how to run a debugger, or dig
into the code which calls libldap.
Aki Tuomi
2017-Mar-20 16:42 UTC
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
> On March 20, 2017 at 5:28 PM info at gwarband.de wrote:
>
>
> Can somebody say something about this request?
>
> This is an email from the openldap-technical mailing list from openldap.
>
> System details are mentioned in the other email.
>
> -------- Original Message --------
> Subject: Re: Dovecot can't connect to openldap over starttls
> Date: 2017-03-20 16:18
> From: Dan White <dwhite at cafedemocracy.org>
> To: info at gwarband.de
> Cc: openldap-technical at openldap.org
>
> On 03/20/17 16:06 +0100, info at gwarband.de wrote:
> >> Debug Dovecot's implementation of ldap_start_tls_s().
> > I don't have any idea how to set a higher debug level to dovecot. In
> > my opinion I have the highest. So I can't deliver a greater log.
>
> I recommend consulting Dovecot's advice on how to run a debugger, or dig
> into the code which calls libldap.

Hi!
I just ran a quick test, and the following things are needed:

uris = ldap://ldap.host.com
tls = yes
tls_ca_cert_file = /path/to/cert-bundle.crt

This has been tested with 2.2.28, and works just fine. Not sure why you are having issues.

Of course this could be anything between not finding compatible ciphers to the LDAP server actually expecting client certificate, what with the logs not actually being too verbose unfortunately. There isn't too much to "debug" in Dovecot's TLS implementation, it's not doing anything fancy aside from calling the ldap_start_tls_s.

I am not sure what debugging you could try further.

Aki
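Since the Dovecot log gives little detail here, the following added example (not part of the original thread and not Dovecot's or OpenLDAP's code) performs the LDAP StartTLS step by hand and reports which stage fails: the extended operation itself, certificate verification against the CA bundle, or the TLS handshake. The function names are hypothetical; the CA file plays the role of tls_ca_cert_file.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def tlv(tag, payload):
    """Encode one BER element (short-form length, payload < 128 bytes)."""
    return bytes([tag, len(payload)]) + payload

# LDAPMessage { messageID 1, ExtendedRequest [APPLICATION 23] { requestName [0] } }
STARTTLS_REQUEST = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_extended_response(data):
    """Return (resultCode, diagnosticMessage) from an LDAP ExtendedResponse."""
    _, body, _ = read_tlv(data, 0)          # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(body, 0)           # messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:                         # [APPLICATION 24] ExtendedResponse
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = read_tlv(op, 0)          # resultCode
    _, _, pos = read_tlv(op, pos)           # matchedDN
    _, diag, _ = read_tlv(op, pos)          # diagnosticMessage
    return code[0], diag.decode("utf-8", "replace")

def probe(host, port, ca_file):
    """Run StartTLS against host:port and say which stage failed."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(STARTTLS_REQUEST)
        code, diag = parse_extended_response(sock.recv(4096))  # small reply, one read
        if code != 0:
            return "server refused StartTLS: resultCode=%d %s" % (code, diag)
        ctx = ssl.create_default_context(cafile=ca_file)  # trust only this bundle
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok: %s %s" % (tls.version(), tls.cipher()[0])
        except ssl.SSLCertVerificationError as err:
            return "certificate verification failed: %s" % err.verify_message
        except ssl.SSLError as err:  # e.g. protocol or cipher mismatch, handshake alert
            return "TLS handshake failed: %s" % err.reason
```

With the values from the configuration above, the call would be `probe("ldap.host.com", 389, "/path/to/cert-bundle.crt")`; port 389 is an assumption, as the thread does not state one.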
info at gwarband.de
2017-Mar-20 18:14 UTC
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
I have also tested with 2.2.28 and this version has the same issue.

The finding of compatible ciphers is not the problem because I have uncommented the ldap entries:

TLSCipherSuite SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM
TLSProtocolMin 3.1

Maybe you have further ideas.

On 2017-03-20 17:42, Aki Tuomi wrote:
>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote:
>>
>>
>> Can somebody say something about this request?
>>
>> This is an email from the openldap-technical mailing list from
>> openldap.
>>
>> System details are mentioned in the other email.
>>
>> -------- Original Message --------
>> Subject: Re: Dovecot can't connect to openldap over starttls
>> Date: 2017-03-20 16:18
>> From: Dan White <dwhite at cafedemocracy.org>
>> To: info at gwarband.de
>> Cc: openldap-technical at openldap.org
>>
>> On 03/20/17 16:06 +0100, info at gwarband.de wrote:
>>>> Debug Dovecot's implementation of ldap_start_tls_s().
>>> I don't have any idea how to set a higher debug level to dovecot. In
>>> my opinion I have the highest. So I can't deliver a greater log.
>>
>> I recommend consulting Dovecot's advice on how to run a debugger, or dig
>> into the code which calls libldap.
>
> Hi!
> I just ran a quick test, and the following things are needed:
>
> uris = ldap://ldap.host.com
> tls = yes
> tls_ca_cert_file = /path/to/cert-bundle.crt
>
> This has been tested with 2.2.28, and works just fine. Not sure why
> you are having issues.
>
> Of course this could be anything between not finding compatible
> ciphers to the LDAP server actually expecting client certificate, what
> with the logs not actually being too verbose unfortunately. There
> isn't too much to "debug" in Dovecot's TLS implementation, it's not
> doing anything fancy aside from calling the ldap_start_tls_s.
>
> I am not sure what debugging you could try further.
>
> Aki