Displaying 20 results from an estimated 44 matches for "tls_ca_cert_file".
2017 Mar 20
2
Dovecot can't connect to openldap over starttls
I've tested your solution, but it still gives the same error.
I've tested all combinations of:
- tls_ca_cert_file = <cert>
- tls = yes
- tls_require_cert = demand
Every time it says "Connection error".
Only when tls is uncommented does it say "TLS required".
Additional information from my contact with the openldap-technical
mailing list:
The ldapsearch under the user do...
2017 Mar 18
2
Dovecot can't connect to openldap over starttls
...a look at
>>> default client settings in /etc/openldap/ldap.conf, there may be something
>>> set a slightly different way.
>>> Also double check permissions for files used by dovecot, I mean mainly
>>> the file listed for tls_ca_cert_file as dovecot may not have read
>>> access...
>>>
>>> I cannot see anything downright bad, just the posted CA cert (which is
>>> ok, tested) is *.crt and your config mentions *.pem but I consider it's
>>> the
>>...
2017 Mar 20
0
Dovecot can't connect to openldap over starttls
Actually, I likely managed to replicate the problem itself.
I've observed the described behavior (timeout with connection error) only if
Dovecot's tls_ca_cert_file pointed to either a non-existent file or an
existing file without read access -- found during review after sending my
last post, as I run CentOS, not Debian, and didn't adjust the path correctly
(/etc/ldap vs. /etc/openldap) in dovecot-ldap.conf when setting that up.
Anyway, ldapsearch uses...
2019 Dec 08
2
Dovecot & OAuth
...>>> introspection_mode = post
>>>> debug = yes
>>>> rawlog_dir = /tmp/oauth2
>>>> #force_introspection = yes
>>>> username_attribute = username
>>>> #active_attribute = active
>>>> #active_value = true
>>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
>>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
>>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem
>>>>
>>>>
>>>> ---------------
>>>>
>>>>
>>...
2020 Jul 05
2
dovecot oauth
...ure Keycloak with nginx proxy and without it (access
> > via port 8443) (in case the problem came from the ssl config on the
> > keycloak server), but still the same error.
> >
> > If the bug is fixed, then could someone tell me what I have to put in
> > the option tls_ca_cert_file?
> >
> > I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I
> > got from the Let's Encrypt website (https://letsencrypt.org/certificates/ /
> > tried ISRG Root X1 (self-signed) & Let's Encrypt Authority X3 (IdenTrust
> > cross-signed) & Let'...
2019 Dec 06
4
Dovecot & OAuth
...rl =
https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
introspection_mode = post
debug = yes
rawlog_dir = /tmp/oauth2
#force_introspection = yes
username_attribute = username
#active_attribute = active
#active_value = true
tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
tls_key_file = /etc/pki/dovecot/private/dovecot.pem
---------------
The debug log is showing now slightly different msg ex:
Dec 5 21:09:59 mktst4 dovecot: auth: Error:
oauth2(mizuki,10.0.2.1,<29b4...
2017 Mar 18
2
Dovecot can't connect to openldap over starttls
...cn=config
> attributes:
>
> olcTLSCertificateKeyFile contains private key
> olcTLSCertificateFile contains certificate
> olcTLSCACertificateFile contains both certs (DST Root CA X3
> and Let's Encrypt Authority X3)
>
> and used the same CA file in Dovecot's tls_ca_cert_file
>
> Is ldapsearch working ok (-ZZ) and only Dovecot has troubles or ... ?
>
>
>
> Hope that helps, good luck ;)
> Tomas
>
>
> On 03/17/2017 04:27 PM, info at gwarband.de wrote:
>> Hello guys,
>>
>> actually I'm trying to configure dovecot t...
2017 Mar 18
2
Dovecot can't connect to openldap over starttls
...ient.
> It's not obvious what settings ldapsearch uses, have a look at default
> client settings in /etc/openldap/ldap.conf, there may be something set
> a slightly different way.
> Also double check permissions for files used by dovecot, I mean mainly
> the file listed for tls_ca_cert_file as dovecot may not have read
> access...
>
> I cannot see anything downright bad, just the posted CA cert (which is ok,
> tested) is *.crt and your config mentions *.pem but I consider it's
> the same file.
>
> Finally, I would recommend enabling the debug option...
2019 May 15
2
Dovecot not connecting to OpenLDAP
...se.
#sasl_realm =
# SASL authorization ID, ie. the dnpass is for this "master user", but the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id =
# Use TLS to connect to the LDAP server.
tls = yes
# TLS options, currently supported only with OpenLDAP:
#tls_ca_cert_file =/etc/ssl/certs/ldap.crt
tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem
#tls_ca_cert_dir =/etc/ssl/certs/
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/ldap01_slapd_cert.pem
#tls_key_file = /etc/ssl/private/ldap01_sl...
2020 Jul 04
2
dovecot oauth
...let's encrypt certificates.
I tried to configure Keycloak with nginx proxy and without it (access
via port 8443) (in case the problem came from the ssl config on the
keycloak server), but still the same error.
If the bug is fixed, then could someone tell me what I have to put in
the option tls_ca_cert_file?
I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I
got from the Let's Encrypt website (https://letsencrypt.org/certificates/ /
tried ISRG Root X1 (self-signed) & Let's Encrypt Authority X3 (IdenTrust
cross-signed) & Let's Encrypt Authority X3 (Signed by ISRG Root X1))
B...
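What a given tls_ca_cert_file actually makes the client trust (this poster's chain.pem and the Let's Encrypt roots, or the DST Root CA X3 / Let's Encrypt Authority X3 bundle from the earlier LDAP thread) can be inspected offline. The script below is an added example, not the poster's or Dovecot's code: it loads the file through Python's ssl module, which wraps the same OpenSSL verifier Dovecot links against, lists the certificates OpenSSL accepts as CAs, and points out the usual mistakes (a server certificate instead of a CA, a bundle without a self-signed root, an expired anchor). The function names, the default path in the `__main__` block and the constructed garbage file in demo_bad_bundle() are this example's own assumptions.

```python
import datetime
import os
import ssl
import tempfile


def describe_bundle(path):
    """Load `path` exactly as an OpenSSL-based client would and describe what it trusts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except (OSError, ssl.SSLError) as exc:   # missing file, or no PEM certificate inside
        return {"error": f"{path}: {exc}"}
    # {'x509': all certificates, 'x509_ca': those usable as CA, 'crl': ...}
    stats = ctx.cert_store_stats()
    now = datetime.datetime.now(datetime.timezone.utc).timestamp()
    entries = []
    for cert in ctx.get_ca_certs():          # only CA certificates are listed here
        subject = dict(rdn[0] for rdn in cert["subject"])
        issuer = dict(rdn[0] for rdn in cert["issuer"])
        entries.append({
            "subject": subject.get("commonName", "?"),
            "issuer": issuer.get("commonName", "?"),
            "self_signed": cert["subject"] == cert["issuer"],
            "expired": ssl.cert_time_to_seconds(cert["notAfter"]) < now,
        })
    return {"total": stats["x509"], "ca": stats["x509_ca"],
            "non_ca": stats["x509"] - stats["x509_ca"], "entries": entries}


def advise(report):
    """Turn a describe_bundle() report into the things to fix before blaming Dovecot."""
    if "error" in report:
        return [f"cannot load bundle: {report['error']}"]
    notes = []
    if report["non_ca"]:
        notes.append(f"{report['non_ca']} non-CA certificate(s) in the file (a server "
                     "certificate?) are ignored as trust anchors")
    if not any(e["self_signed"] for e in report["entries"]):
        notes.append("no self-signed root in the bundle (intermediates only, e.g. a chain.pem): "
                     "OpenSSL's default chain building only succeeds when it reaches a "
                     "self-signed certificate, so add the root (for Let's Encrypt, ISRG Root X1)")
    for e in report["entries"]:
        if e["expired"]:
            notes.append(f"'{e['subject']}' is expired and can no longer anchor a chain")
    return notes


def demo_bad_bundle():
    """Constructed failure case: a file that exists but holds no PEM certificate."""
    fd, path = tempfile.mkstemp(suffix=".crt")
    with os.fdopen(fd, "w") as f:
        f.write("this is not a certificate\n")
    return advise(describe_bundle(path))


if __name__ == "__main__":
    import sys
    # Assumed default path; pass the file named in tls_ca_cert_file instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/certs/ca-certificates.crt"
    report = describe_bundle(target)
    for entry in report.get("entries", []):
        flags = ("  [root]" if entry["self_signed"] else "") + ("  [EXPIRED]" if entry["expired"] else "")
        print(f"{entry['subject']!r:45} issued by {entry['issuer']!r}{flags}")
    for note in advise(report):
        print("!", note)
```

Running it against the file from tls_ca_cert_file answers the question asked above faster than trial and error: an empty entry list means the file holds no usable CA at all, and a list without a `[root]` line means only intermediates were supplied.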
2017 Mar 20
0
Dovecot can't connect to openldap over starttls
I've finally managed that running on Debian 8 test machine by commenting
tls_ca_cert_file =
option from dovecot-ldap.conf, so only
tls = yes
tls_require_cert = demand
Not sure why that is, as on my CentOS 6 Dovecot works even with that
option commented out. Maybe CentOS and Debian use different ldap
libraries or different versions, or there's another peculiarity ...
Anyway, when t...
2019 Feb 04
2
acl_groups from LDAP issue
...st -u user.name
the mailboxes are not listed and with -Dv i get "permission denied, no
lookup rights".
in my dovecot-ldap-userdb.conf.ext is
hosts = ldap.server.example
dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
dnpass = protectedpassword12345
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_require_cert = demand
ldap_version = 3
base = ou=users,dc=server,dc=example
deref = always
scope = subtree
user_attrs =
=home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
user_filter =
(&(objectClass=p...
2017 Mar 20
2
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
...greater log.
>>
>> I recommend consulting Dovecot's advice on how to run a debugger, or
>> dig
>> into the code which calls libldap.
>
> Hi!
> I just ran a quick test, and following things are needed:
>
> uris = ldap://ldap.host.com
> tls = yes
> tls_ca_cert_file = /path/to/cert-bundle.crt
>
> this has been tested with 2.2.28, and works just fine. Not sure why
> you are having issues.
>
> Of course this could be anything between not finding compatible
> ciphers to the LDAP server actually expecting client certificate, what
> with the...
2019 May 16
0
Dovecot not connecting to OpenLDAP
...-ldap.conf.ext:
> ldap_start_tls_s() failed: Local error
>
> # Space separated list of LDAP hosts to use. host:port is allowed too.
> hosts = 139.147.9.135
>
> # Use TLS to connect to the LDAP server.
> tls = yes
> # TLS options, currently supported only with OpenLDAP:
> #tls_ca_cert_file =/etc/ssl/certs/ldap.crt
> tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem
> # is still used, only the password field is ignored in it. Before doing any
> # search, the binding is switched back to the default DN.
> auth_bind = yes
>
> # For example:
> # auth_bind_userdn =...
2019 Dec 06
0
Dovecot & OAuth
...ect
> > > introspection_mode = post
> > > debug = yes
> > > rawlog_dir = /tmp/oauth2
> > > #force_introspection = yes
> > > username_attribute = username
> > > #active_attribute = active
> > > #active_value = true
> > > tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> > > tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> > > tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> > >
> > >
> > > ---------------
> > >
> > >
> > >
>...
2017 Mar 18
0
Dovecot can't connect to openldap over starttls
...ate its settings for dovecot client.
It's not obvious what settings ldapsearch uses, have a look at default
client settings in /etc/openldap/ldap.conf, there may be something set a
slightly different way.
Also double check permissions for files used by dovecot, I mean mainly
the file listed for tls_ca_cert_file as dovecot may not have read
access...
I cannot see anything downright bad, just the posted CA cert (which is ok,
tested) is *.crt and your config mentions *.pem but I consider it's the
same file.
Finally, I would recommend enabling the debug option for dovecot's client
debug_level =...
2019 Dec 10
0
Dovecot & OAuth
...ost
> >>>> debug = yes
> >>>> rawlog_dir = /tmp/oauth2
> >>>> #force_introspection = yes
> >>>> username_attribute = username
> >>>> #active_attribute = active
> >>>> #active_value = true
> >>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> >>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> >>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> >>>>
> >>>>
> >>>> ---------------
> >>>>
>...
2017 Mar 20
2
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
...a debugger,
>>>> or
>>>> dig
>>>> into the code which calls libldap.
>>>
>>> Hi!
>>> I just ran a quick test, and following things are needed:
>>>
>>> uris = ldap://ldap.host.com
>>> tls = yes
>>> tls_ca_cert_file = /path/to/cert-bundle.crt
>>>
>>> this has been tested with 2.2.28, and works just fine. Not sure why
>>> you are having issues.
>>>
>>> Of course this could be anything between not finding compatible
>>> ciphers to the LDAP server actually e...
2017 Mar 20
2
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
Can somebody say something about this request?
This is an email from the openldap-technical mailing list from openldap.
System details are mentioned in the other email.
-------- Original message --------
Subject: Re: Dovecot can't connect to openldap over starttls
Date: 2017-03-20 16:18
From: Dan White <dwhite at cafedemocracy.org>
To: info at gwarband.de
Cc:
2020 Jul 06
0
dovecot oauth
...ith nginx proxy and without it (access
>>> via port 8443) (in case the problem came from the ssl config on the
>>> keycloak server), but still the same error.
>>>
>>> If the bug is fixed, then could someone tell me what I have to put in
>>> the option tls_ca_cert_file?
>>>
>>> I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I
>>> got from the Let's Encrypt website (https://letsencrypt.org/certificates/ /
>>> tried ISRG Root X1 (self-signed) & Let's Encrypt Authority X3 (IdenTrust
>>> cross-sign...