Displaying 20 results from an estimated 23 matches for "tls_key_file".
2015 Oct 08
2
Dovecot auth-ldap ignores tls_* settings when using ldaps://
...2.9 (but after checking src/auth/db-ldap.c in 2.2.13
there seems to be the same bug/feature).
The userdb and passdb use LDAP. All further configuration is done in
auth-ldap.conf.ext.
uri = ldaps://<host>/
# tls =
tls_cert_file = /etc/ssl/certs/client-cert.pem
tls_key_file = /etc/ssl/certs/client-key.file
Dovecot ignores the tls_* options. If I use an ldap:// URI and
switch on TLS using tls=yes it works as expected.
But I do not see any reason why LDAPS should not read the tls_*
settings.
This small patch solved it for me
--- dovecot-2.2.9/src/auth/db-ldap.c 2...
2019 Dec 08
2
Dovecot & OAuth
...yes
>>>> username_attribute = username
>>>> #active_attribute = active
>>>> #active_value = true
>>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
>>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
>>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem
>>>>
>>>>
>>>> ---------------
>>>>
>>>>
>>>>
>>>>
>>>> The debug log is showing now slightly different msg ex:
>>>>
>>>> Dec 5...
2019 Dec 06
4
Dovecot & OAuth
...token/introspect
introspection_mode = post
debug = yes
rawlog_dir = /tmp/oauth2
#force_introspection = yes
username_attribute = username
#active_attribute = active
#active_value = true
tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
tls_key_file = /etc/pki/dovecot/private/dovecot.pem
---------------
The debug log is showing now slightly different msg ex:
Dec 5 21:09:59 mktst4 dovecot: auth: Error:
oauth2(mizuki,10.0.2.1,<29b4iv+YKuuCx5Tr>): oauth2 failed: Couldn't
initialize SSL context: Can't load SSL certificate: There is...
2019 May 08
2
Dovecot not surviving OpenLDAP restart
Hi!
Running Dovecot 2.2.36 and authenticating against
an OpenLDAP 2.4.45 server.
Now since some update of dovecot it will not be able to authenticate
your logins after a restart of the LDAP service is restarted
without a reboot of the dovecot server.
Anything new here that I should be aware of?
Best Regards
Dag
2018 Jun 22
0
Imap daemons for CentOS 6 (other then cyrus-imapd)
...roblem is cyrus-imapd: cyrus-imapd expects all users to
use
> imap (or pop3) to access their E-Mail.
of course, what else do you expect?
(SSL is not the problem, as I'm using cyrus-imapd with SSL)
here my settings in /etc/imapd.conf
tls_cert_file: /etc/pki/cyrus-imapd/tls.crt/mail-host.crt
tls_key_file: /etc/pki/cyrus-imapd/tls.key/mail-host.key
tls_ca_file: /etc/pki/cyrus-imapd/tls.crt/server-chain-sslca.crt
tls_cipher_list:
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:3DES:!SSLv2:+SSLv3:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!...
2015 Oct 13
0
Dovecot auth-ldap ignores tls_* settings when using ldaps://
...c in 2.2.13
> there seems to be the same bug/feature).
>
> The userdb and passdb use LDAP. All further configuration is done in
> auth-ldap.conf.ext.
>
> uri = ldaps://<host>/
> # tls =
> tls_cert_file = /etc/ssl/certs/client-cert.pem
> tls_key_file = /etc/ssl/certs/client-key.file
>
> Dovecot ignores the tls_* options. If I use an ldap:// URI and
> switch on TLS using tls=yes it works as expected.
>
> But I do not see any reason why LDAPS should not read the tls_*
> settings.
I guess.
> This small patch solved it for...
2013 Sep 23
0
can't dovecot tls/ssl to openldap
...=
# Use TLS to connect to the LDAP server.
tls = yes
#tls = no
tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/mail.crt
#tls_key_file = /etc/ssl/private/mail.key
# Valid values: never, hard, demand, allow, try
#tls_require_cert = never
See some suggestions!
Great thanks!
muyuan
2019 Dec 06
0
Dovecot & OAuth
...tion = yes
> > > username_attribute = username
> > > #active_attribute = active
> > > #active_value = true
> > > tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> > > tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> > > tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> > >
> > >
> > > ---------------
> > >
> > >
> > >
> > >
> > > The debug log is showing now slightly different msg ex:
> > >
> > > Dec 5 21:09:59 mktst4 dove...
2015 Jan 26
4
imap-login: Fatal: pipe() failed: Too many open files
...de
#default_fields = home=/home/virtual/%u
}
# ======================== dovecot/dovecot-ldap.conf.ext
=================== #
hosts = 127.0.0.1:389
dn = uid=dovecot,ou=systemuser,ou=mail,dc=MyDomain,dc=TLD
dnpass = TopSecret
tls = yes
tls_cert_file = /etc/ssl/RootCA/certs/192.168.50.101.pem
tls_key_file = /etc/ssl/RootCA/certs/192.168.50.101.key
debug_level = -1
auth_bind = yes
ldap_version = 3
base = ou=accounts,ou=mail,dc=MyDomain,dc=TLD
scope = subtree
user_attrs = mailStorageDirectory=home, mailUidNumber=uid,
mailGidNumber=gid, mailQuotaSize=quota_rule=*:bytes=%$,
mailQuotaCount=quota_rule2...
2019 Dec 10
0
Dovecot & OAuth
...rname_attribute = username
> >>>> #active_attribute = active
> >>>> #active_value = true
> >>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> >>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> >>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> >>>>
> >>>>
> >>>> ---------------
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> The debug log is showing now slightly different msg ex:
> >>...
2012 Mar 29
1
File/folder permission issues in 2.1.3
...revents switching to secondary groups?
/etc/dovecot/dovecot-ldap.conf.ext:
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u))
pass_attrs = rnsMSDeliverToAddre...
2020 Sep 23
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote:
>
>
> On 9/22/20 10:51 AM, Aki Tuomi wrote:
> >>>
> >
> > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue.
>
> I've NO issue with that config/setting with any _other_ app -- whether in general
2015 Jan 26
0
imap-login: Fatal: pipe() failed: Too many open files
...gt;
>
> # ======================== dovecot/dovecot-ldap.conf.ext
> =================== #
>
> hosts = 127.0.0.1:389
> dn = uid=dovecot,ou=systemuser,ou=mail,dc=MyDomain,dc=TLD
> dnpass = TopSecret
> tls = yes
> tls_cert_file = /etc/ssl/RootCA/certs/192.168.50.101.pem
> tls_key_file = /etc/ssl/RootCA/certs/192.168.50.101.key
> debug_level = -1
> auth_bind = yes
> ldap_version = 3
> base = ou=accounts,ou=mail,dc=MyDomain,dc=TLD
> scope = subtree
> user_attrs = mailStorageDirectory=home, mailUidNumber=uid,
> mailGidNumber=gid, mailQuotaSize=quota_rule=*:by...
2015 Jan 26
0
imap-login: Fatal: pipe() failed: Too many open files
...gt;
>
> # ======================== dovecot/dovecot-ldap.conf.ext
> =================== #
>
> hosts = 127.0.0.1:389
> dn = uid=dovecot,ou=systemuser,ou=mail,dc=MyDomain,dc=TLD
> dnpass = TopSecret
> tls = yes
> tls_cert_file = /etc/ssl/RootCA/certs/192.168.50.101.pem
> tls_key_file = /etc/ssl/RootCA/certs/192.168.50.101.key
> debug_level = -1
> auth_bind = yes
> ldap_version = 3
> base = ou=accounts,ou=mail,dc=MyDomain,dc=TLD
> scope = subtree
> user_attrs = mailStorageDirectory=home, mailUidNumber=uid,
> mailGidNumber=gid, mailQuotaSize=quota_rule=*:by...
2012 May 13
2
doveadm not working
...zlib mail_log notify imap_quota imap_acl imap_zlib
}
And here my ldap stuff:
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u))
pass_attrs = rnsMSDeliverToAddre...
2019 Mar 18
4
LDAP users issue
Hi Team,
I have enabled LDAP authentication with webmail client and it works
successfully. But I found an error with LDAP user's mail. Email is not
loaded when I log with an LDAP user. Login phase is successful and mail box
is the issue. I created a mail user without including LDAP and that user
works fine.
Issue comes only with LDAP users.
*Anushka Bandara*
Research Engineer
Lanka Software
2015 Aug 12
1
C6.7 evolution to cyrus imap(s) fails
Am 12.08.2015 um 20:29 schrieb Dr J Austin:
>
>
> On Wed, 12 Aug 2015, Alexander Dalloz wrote:
>
>
>>> I have been working at trying to get cyrus to listen on 148.197.29.5
>>> interface instead of the localhost - I have failed
>>>
>
>> No square brackets around the ip address.
>
> imap cmd="imapd" listen="imap"
2019 May 15
2
Dovecot not connecting to OpenLDAP
...ted only with OpenLDAP:
#tls_ca_cert_file =/etc/ssl/certs/ldap.crt
tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem
#tls_ca_cert_dir =/etc/ssl/certs/
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/ldap01_slapd_cert.pem
#tls_key_file = /etc/ssl/private/ldap01_slapd_key.pem
# Valid values: never, hard, demand, allow, try
#tls_require_cert = demand
# Use the given ldaprc path.
#ldaprc_path =
# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
# -1 = everything. You may need to recompile OpenLDAP with debuggin...
2016 Oct 24
2
Problem to configure dovecot-ldap.conf.ext
...xample.com at EXAMPLE.COM
# Use TLS to connect to the LDAP server.
#tls = yes
# TLS options, currently supported only with OpenLDAP:
tls_ca_cert_file = /etc/ipa/ca.crt
#tls_ca_cert_dir =
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file =
#tls_key_file =
# Valid values: never, hard, demand, allow, try
tls_require_cert = demand
# Use the given ldaprc path.
#ldaprc_path =
# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
# -1 = everything. You may need to recompile OpenLDAP with debugging enabled
# to get enough output.
#debu...
2011 Aug 10
3
sieveshell fails to start on CentOS 6.0
...[root at newmick etc]# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/tls/certs/cyrus.pem
tls_key_file: /etc/pki/tls/certs/cyrus.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
[root at newmick etc]#
[root at newmick etc]# cat /etc/cyrus.conf
# standard standalone server implementation
START {
# do no...