On Mon, 2022-08-29 at 11:03 +0200, Stefan Kania via samba wrote:
> Hello to all,
>
> following configuration:
>
> dovecot as IMAP-server and Samba 4.16 as domain controller. We need to
> do the authentication from dovecot to ldap to do queries. We want to use
> ldaps or TLS as protocol to connect from the dovecot to AD. To allow
> connection to Samba's LDAP we set "ldap server require strong auth = no".
> Then we tested with:
>
> ldapsearch -D ktom@example.net -W -H ldaps://addc01.example.net -b dc=example,dc=net
>
> and it works, but as soon as we tried to do the same from the
> dovecot server we only get a:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> Is it possible to allow the connection via LDAPS to a DC from any host?
>
> PLEASE: NO discussion about security!

Wouldn't dream of discussing security, because you have turned it off.
I suggest you read this:

https://lists.samba.org/archive/samba/2020-October/232855.html

Then consider using Kerberos instead, it is much more 'the word we will
not use' :-)

Rowland