Displaying 20 results from an estimated 23 matches for "tls_cert_file".
2015 Oct 08
2
Dovecot auth-ldap ignores tls_* settings when using ldaps://
Hi,
I'm using dovecot 2.2.9 (but after checking src/auth/db-ldap.c in 2.2.13
there seems to be the same bug/feature).
The userdb and passdb use LDAP. All further configuration is done in
auth-ldap.conf.ext.
uri = ldaps://<host>/
# tls =
tls_cert_file = /etc/ssl/certs/client-cert.pem
tls_key_file = /etc/ssl/certs/client-key.file
Dovecot ignores the tls_* options. If I use an ldap:// URI and
switch on TLS using tls=yes it works as expected.
But I do not see any reason why LDAPS should not read the tls_*
settings.
This small patch solve...
2019 Dec 08
2
Dovecot & OAuth
...> rawlog_dir = /tmp/oauth2
>>>> #force_introspection = yes
>>>> username_attribute = username
>>>> #active_attribute = active
>>>> #active_value = true
>>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
>>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
>>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem
>>>>
>>>>
>>>> ---------------
>>>>
>>>>
>>>>
>>>>
>>>> The debug log is showing now sli...
2019 Dec 06
4
Dovecot & OAuth
...cloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
introspection_mode = post
debug = yes
rawlog_dir = /tmp/oauth2
#force_introspection = yes
username_attribute = username
#active_attribute = active
#active_value = true
tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
tls_key_file = /etc/pki/dovecot/private/dovecot.pem
---------------
The debug log is showing now slightly different msg ex:
Dec 5 21:09:59 mktst4 dovecot: auth: Error:
oauth2(mizuki,10.0.2.1,<29b4iv+YKuuCx5Tr>): oauth2 failed: Couldn't
initialize SSL...
2019 May 08
2
Dovecot not surviving OpenLDAP restart
Hi!
Running Dovecot 2.2.36 and authenticating against
an OpenLDAP 2.4.45 server.
Now, since some update of Dovecot, it will not be able to authenticate
your logins after the LDAP service is restarted
without a reboot of the Dovecot server.
Anything new here that I should be aware of?
Best Regards
Dag
2018 Jun 22
0
Imap daemons for CentOS 6 (other than cyrus-imapd)
...cyrus-imapd with no
problems;
>
> No actually the problem is cyrus-imapd: cyrus-imapd expects all users to use
> imap (or pop3) to access their E-Mail.
of course, what else do you expect?
(SSL is not the problem, as I'm using cyrus-imapd with SSL)
here are my settings in /etc/imapd.conf
tls_cert_file: /etc/pki/cyrus-imapd/tls.crt/mail-host.crt
tls_key_file: /etc/pki/cyrus-imapd/tls.key/mail-host.key
tls_ca_file: /etc/pki/cyrus-imapd/tls.crt/server-chain-sslca.crt
tls_cipher_list:
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:3DES...
2015 Oct 13
0
Dovecot auth-ldap ignores tls_* settings when using ldaps://
...m using dovecot 2.2.9 (but after checking src/auth/db-ldap.c in 2.2.13
> there seems to be the same bug/feature).
>
> The userdb and passdb use LDAP. All further configuration is done in
> auth-ldap.conf.ext.
>
> uri = ldaps://<host>/
> # tls =
> tls_cert_file = /etc/ssl/certs/client-cert.pem
> tls_key_file = /etc/ssl/certs/client-key.file
>
> Dovecot ignores the tls_* options. If I use an ldap:// URI and
> switch on TLS using tls=yes it works as expected.
>
> But I do not see any reason why LDAPS should not read the tls_*
>...
2013 Sep 23
0
can't dovecot tls/ssl to openldap
...sasl_mech =
#sasl_realm =
#sasl_authz_id =
# Use TLS to connect to the LDAP server.
tls = yes
#tls = no
tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/mail.crt
#tls_key_file = /etc/ssl/private/mail.key
# Valid values: never, hard, demand, allow, try
#tls_require_cert = never
See some suggestions!
Great thanks!
muyuan
2019 Dec 06
0
Dovecot & OAuth
...> > rawlog_dir = /tmp/oauth2
> > > #force_introspection = yes
> > > username_attribute = username
> > > #active_attribute = active
> > > #active_value = true
> > > tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> > > tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> > > tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> > >
> > >
> > > ---------------
> > >
> > >
> > >
> > >
> > > The debug log is showing now slightly different...
2015 Jan 26
4
imap-login: Fatal: pipe() failed: Too many open files
...elds can be used to specify defaults that LDAP may override
#default_fields = home=/home/virtual/%u
}
# ======================== dovecot/dovecot-ldap.conf.ext
=================== #
hosts = 127.0.0.1:389
dn = uid=dovecot,ou=systemuser,ou=mail,dc=MyDomain,dc=TLD
dnpass = TopSecret
tls = yes
tls_cert_file = /etc/ssl/RootCA/certs/192.168.50.101.pem
tls_key_file = /etc/ssl/RootCA/certs/192.168.50.101.key
debug_level = -1
auth_bind = yes
ldap_version = 3
base = ou=accounts,ou=mail,dc=MyDomain,dc=TLD
scope = subtree
user_attrs = mailStorageDirectory=home, mailUidNumber=uid,
mailGidNumber=gid, mailQuot...
2019 Dec 10
0
Dovecot & OAuth
...> >>>> #force_introspection = yes
> >>>> username_attribute = username
> >>>> #active_attribute = active
> >>>> #active_value = true
> >>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> >>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> >>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> >>>>
> >>>>
> >>>> ---------------
> >>>>
> >>>>
> >>>>
> >>>>
> >>>...
2012 Mar 29
1
File/folder permission issues in 2.1.3
...p vmail. Is there something wrong with my config that prevents switching to secondary groups?
/etc/dovecot/dovecot-ldap.conf.ext:
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMS...
2020 Sep 23
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote:
>
>
> On 9/22/20 10:51 AM, Aki Tuomi wrote:
> >>>
> >
> > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue.
>
> I've NO issue with that config/setting with any _other_ app -- whether in general
2015 Jan 26
0
imap-login: Fatal: pipe() failed: Too many open files
...default_fields = home=/home/virtual/%u
> }
>
>
>
>
>
> # ======================== dovecot/dovecot-ldap.conf.ext
> =================== #
>
> hosts = 127.0.0.1:389
> dn = uid=dovecot,ou=systemuser,ou=mail,dc=MyDomain,dc=TLD
> dnpass = TopSecret
> tls = yes
> tls_cert_file = /etc/ssl/RootCA/certs/192.168.50.101.pem
> tls_key_file = /etc/ssl/RootCA/certs/192.168.50.101.key
> debug_level = -1
> auth_bind = yes
> ldap_version = 3
> base = ou=accounts,ou=mail,dc=MyDomain,dc=TLD
> scope = subtree
> user_attrs = mailStorageDirectory=home, mailUidNumbe...
2015 Jan 26
0
imap-login: Fatal: pipe() failed: Too many open files
...default_fields = home=/home/virtual/%u
> }
>
>
>
>
>
> # ======================== dovecot/dovecot-ldap.conf.ext
> =================== #
>
> hosts = 127.0.0.1:389
> dn = uid=dovecot,ou=systemuser,ou=mail,dc=MyDomain,dc=TLD
> dnpass = TopSecret
> tls = yes
> tls_cert_file = /etc/ssl/RootCA/certs/192.168.50.101.pem
> tls_key_file = /etc/ssl/RootCA/certs/192.168.50.101.key
> debug_level = -1
> auth_bind = yes
> ldap_version = 3
> base = ou=accounts,ou=mail,dc=MyDomain,dc=TLD
> scope = subtree
> user_attrs = mailStorageDirectory=home, mailUidNumbe...
2012 May 13
2
doveadm not working
...50
mail_plugins = autocreate quota acl fts fts_solr zlib mail_log notify imap_quota imap_acl imap_zlib
}
And here my ldap stuff:
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMS...
2019 Mar 18
4
LDAP users issue
Hi Team,
I have enabled LDAP authentication with webmail client and it works
successfully. But I found an error with LDAP user's mail. Email is not
loaded when I log with an LDAP user. Login phase is successful and mail box
is the issue. I created a mail user without including LDAP and that user
works fine.
Issue comes only with LDAP users.
*Anushka Bandara*
Research Engineer
Lanka Software
2015 Aug 12
1
C6.7 evolution to cyrus imap(s) fails
On 12.08.2015 at 20:29, Dr J Austin wrote:
>
>
> On Wed, 12 Aug 2015, Alexander Dalloz wrote:
>
>
>>> I have been working at trying to get cyrus to listen on 148.197.29.5
>>> interface instead of the localhost - I have failed
>>>
>
>> No square brackets around the ip address.
>
> imap cmd="imapd" listen="imap"
2019 May 15
2
Dovecot not connecting to OpenLDAP
...LDAP server.
tls = yes
# TLS options, currently supported only with OpenLDAP:
#tls_ca_cert_file =/etc/ssl/certs/ldap.crt
tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem
#tls_ca_cert_dir =/etc/ssl/certs/
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/ldap01_slapd_cert.pem
#tls_key_file = /etc/ssl/private/ldap01_slapd_key.pem
# Valid values: never, hard, demand, allow, try
#tls_require_cert = demand
# Use the given ldaprc path.
#ldaprc_path =
# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
# -1 = everyth...
2016 Oct 24
2
Problem to configure dovecot-ldap.conf.ext
..._id = imap/mx01.example.com@EXAMPLE.COM
# Use TLS to connect to the LDAP server.
#tls = yes
# TLS options, currently supported only with OpenLDAP:
tls_ca_cert_file = /etc/ipa/ca.crt
#tls_ca_cert_dir =
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file =
#tls_key_file =
# Valid values: never, hard, demand, allow, try
tls_require_cert = demand
# Use the given ldaprc path.
#ldaprc_path =
# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
# -1 = everything. You may need to recompile OpenLDAP with debugging enabled
# to get enou...
2011 Aug 10
3
sieveshell fails to start on CentOS 6.0
...logs.
Configuration files look like this:
[root@newmick etc]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/tls/certs/cyrus.pem
tls_key_file: /etc/pki/tls/certs/cyrus.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
[root@newmick etc]#
[root@newmick etc]# cat /etc/cyrus.conf
# standard standalon...