Displaying 20 results from an estimated 26 matches for "tls_require_cert".
2017 Mar 20
2
Dovecot can't connect to openldap over starttls
I've tested your solution, but it also gives the same error.
I've tested all combinations of:
- tls_ca_cert_file = <cert>
- tls = yes
- tls_require_cert = demand
Every time it says "Connection error".
Only when tls is uncommented it says "TLS required".
Additional information from my contact with the openldap-technical
mailing list:
The ldapsearch under the user dovecot with -ZZ works fine.
And they mention that the ldap.conf...
2019 Feb 04
2
acl_groups from LDAP issue
...-Dv i get "permission denied, no
lookup rights".
in my dovecot-ldap-userdb.conf.ext is
hosts = ldap.server.example
dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
dnpass = protectedpassword12345
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_require_cert = demand
ldap_version = 3
base = ou=users,dc=server,dc=example
deref = always
scope = subtree
user_attrs =
=home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
user_filter =
(&(objectClass=posixAccount)(uid=%u)(!(sn=NoLogin))(|(memberof=cn=perm...
2017 Mar 20
0
Dovecot can't connect to openldap over starttls
...some
little thing in the configuration...
Tomas
On 03/20/2017 02:04 PM, info at gwarband.de wrote:
> I've tested your solution, but it also gives the same error.
> I've tested all combinations of:
> - tls_ca_cert_file = <cert>
> - tls = yes
> - tls_require_cert = demand
>
> Every time it says "Connection error".
> Only when tls is uncommented it says "TLS required".
>
> Additional information from my contact with the openldap-technical
> mailing list:
> The ldapsearch under the user dovecot with -ZZ works fine.
> ...
2017 Mar 18
2
Dovecot can't connect to openldap over starttls
The serverlog of openldap with loglevel "any":
https://gwarband.de/openldap/openldap-connect.log
Note: OpenLDAP waits 1 minute after the connect before it reports
"TLS negotiation failure",
while Dovecot immediately reports "Connect error".
I've also deleted the TLSCipherSuite from openldap.
Tobias
Am 2017-03-18 14:01, schrieb Tomas Habarta:
> Increase log level on server
2017 Mar 20
0
Dovecot can't connect to openldap over starttls
I've finally got it running on a Debian 8 test machine by commenting out the
tls_ca_cert_file =
option in dovecot-ldap.conf, leaving only
tls = yes
tls_require_cert = demand
Not sure why that is, since on my CentOS6 Dovecot works even with that
commented option. Maybe CentOS and Debian use a different ldap
library or different versions, or there's another peculiarity ...
Anyway, when tls_require_cert = demand is set, cite:
--
With a setting of demand the...
2020 Aug 31
2
using %d as a variable in the ldap search base
...= /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol imap {
mail_max_userip_connections = 20
}
root at littera001:/etc/dovecot#
root at littera001:/etc/dovecot# cat /etc/dovecot/dovecot-ldap.conf.ext | grep -v ^# | uniq | more
hosts = censor001.plerumque.thecrazyguys.net
tls = yes
tls_require_cert = allow
debug_level = 4
auth_bind = yes
base = ou=%d,dc=thecrazyguys,dc=net
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%n))
blocking = no
root at littera001:/etc/dovecot#
2015 Oct 27
1
Proxy with director accept only plain login
...168.1.2/24 {
doveadm_password = # hidden, use -P to show it
}
# cat /usr/local/etc/dovecot/dovecot-ldap.conf
uris = ldaps://192.168.1.2:636
# allow self-signed cert (the connection is not aborted if the cert is not valid, so the server's identity is not verified)
tls_ca_cert_dir = /home/user/openldap/
tls_ca_cert_file = /home/user/openldap/ca-slapd-serv.crt
tls_require_cert = allow
dn = cn=dovecot,ou=accounts,dc=host,dc=ru
dnpass = CycsonfeavaidOr
ldap_version = 3
#auth_bind = no
base = ou=accounts,dc=host,dc=ru
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,mailDirectory=mail,description=proxy,ipHostNumber=host,=nopassword=y...
2020 Sep 01
2
using %d as a variable in the ldap search base
...protocol imap {
> mail_max_userip_connections = 20
> }
> root at littera001:/etc/dovecot#
>
> root at littera001:/etc/dovecot# cat /etc/dovecot/dovecot-ldap.conf.ext |
> grep -v ^# | uniq | more
>
> hosts = censor001.plerumque.thecrazyguys.net
>
> tls = yes
> tls_require_cert = allow
>
> debug_level = 4
>
> auth_bind = yes
>
> base = ou=%d,dc=thecrazyguys,dc=net
>
> scope = subtree
>
> user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
>
> user_filter = (&(objectClass=posixAccount)(uid=%n))
>
> blocking = no...
2019 May 08
2
Dovecot not surviving OpenLDAP restart
Hi!
Running Dovecot 2.2.36 and authenticating against
an OpenLDAP 2.4.45 server.
Since some update of Dovecot, it is no longer able to authenticate
logins after the LDAP service is restarted,
unless the Dovecot server is rebooted.
Anything new here that I should be aware of?
Best Regards
Dag
2015 Jun 17
2
centos 7 dovecot 2.2.10 segmentation fault on devcot/auth using ldap driver in userdb
...domain,dc=dom
ldap_version = 3
auth_bind = yes
auth_bind_userdn = windowsdomain\%u
user_filter = (&(objectclass=person)(|(mail=%u)(sAMAccountName=%n)))
user_attrs =
=uid=vmail,=gid=vmail,=home=/users/vmail/maildomain.com/%n,=mail_location=maildir:/users/vmail/maildomain.com/%n/Maildir
tls = yes
tls_require_cert = never
dovecot -n
---------------
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-229.4.2.el7.x86_64 x86_64 CentOS Linux release
7.1.1503 (Core) xfs
auth_debug = yes
auth_mechanisms = plain login
listen = *
mail_debug = yes
mail_location = maildir:/users/vmail/maildomain.com/%n/Maildir
m...
2019 Feb 04
0
acl_groups from LDAP issue
...rights".
>
> in my dovecot-ldap-userdb.conf.ext is
>
> hosts = ldap.server.example
> dn = cn=service_id,ou=mailserver,ou=system,ou=services,dc=server,dc=example
> dnpass = protectedpassword12345
> tls = yes
> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
> tls_require_cert = demand
> ldap_version = 3
> base = ou=users,dc=server,dc=example
> deref = always
> scope = subtree
> user_attrs =
> =home={ldap:dcMailMessageStore},system_groups_user=%u,allow_all_users=yes,=acl_groups=%{env:ACL_GROUPS}
> user_filter =
> (&(objectClass=posixAccount)(u...
2019 Apr 15
0
LDAP iterate (dovecoc 2.2.27)
...etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  result_failure = return-fail
}
protocol imap {
...
}
protocol pop3 {
...
}
# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
uris = ldaps://ldap.URL
dn = uid=auth,o=domain,c=TLD
dnpass = ****
sasl_bind = no
tls_ca_cert_dir = /etc/ssl/certs
tls_require_cert = demand
ldap_version = 3
base = ou=mail,o=asd,c=TLD
deref = never
scope = subtree
user_attrs = =home=/dev/null/%Ld/%L{ldap:uid},
mailQuota=quota_rule=*:bytes=%$
user_filter = (objectClass=inetMailUser)
pass_attrs = userPassword=password
pass_filter = (objectClass=inetMailUser)
iterate_attrs = mail...
2019 Apr 15
0
LDAP iterate (dovecoc 2.2.27)
...etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  result_failure = return-fail
}
protocol imap {
...
}
protocol pop3 {
...
}
# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
uris = ldaps://ldap.URL
dn = uid=auth,o=domain,c=TLD
dnpass = ****
sasl_bind = no
tls_ca_cert_dir = /etc/ssl/certs
tls_require_cert = demand
ldap_version = 3
base = ou=mail,o=asd,c=TLD
deref = never
scope = subtree
user_attrs = =home=/dev/null/%Ld/%L{ldap:uid},
mailQuota=quota_rule=*:bytes=%$
user_filter = (objectClass=inetMailUser)
pass_attrs = userPassword=password
pass_filter = (objectClass=inetMailUser)
iterate_attrs = mail...
2013 Sep 23
0
can't dovecot tls/ssl to openldap
...tc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = /etc/ssl/certs/mail.crt
#tls_key_file = /etc/ssl/private/mail.key
# Valid values: never, hard, demand, allow, try
#tls_require_cert = never
See some suggestions!
Great thanks!
muyuan
2013 Aug 28
0
Trouble with case-sensitive LDAP user logins
...e LDAP users only (not local UNIX users - not using nsswitch). dovecot-ldap-userdb.conf is a symbolic link to dovecot-ldap.conf
# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf
uris = ldaps://mail.example.com/
dn = uid=mail,ou=Services,dc=example,dc=com
dnpass = ******************
tls_require_cert = hard
auth_bind = yes
base = ou=People,dc=example,dc=com
user_attrs = quota=quota_rule=*:storage=%$M
user_filter = (&(objectClass=posixAccount)(mail=%u))
pass_attrs = uid=mail,userPassword=password
pass_filter = (&(objectClass=posixAccount)(mail=%u))
Now, mail addressed to user at example...
2020 Aug 31
0
using %d as a variable in the ldap search base
...= /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol imap {
mail_max_userip_connections = 20
}
root at littera001:/etc/dovecot#
root at littera001:/etc/dovecot# cat /etc/dovecot/dovecot-ldap.conf.ext |
grep -v ^# | uniq | more
hosts = censor001.plerumque.thecrazyguys.net
tls = yes
tls_require_cert = allow
debug_level = 4
auth_bind = yes
base = ou=%d,dc=thecrazyguys,dc=net
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%n))
blocking = no
root at littera001:/etc/dovecot#
2012 Mar 29
1
File/folder permission issues in 2.1.3
...ot-ldap.conf.ext:
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
sasl_bind = yes
sasl_mech = EXTERNAL
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u))
pass_attrs = rnsMSDeliverToAddress=user,userPassword=password
pass_filter = (&(objectClass=r...
2016 Nov 22
1
Problem with multiple ldap passdb
...Non working LDAP configuration
# /etc/dovecot/dovecot-ldap-new.conf.ext
uris = ldap://dir.greenhills-it.co.uk
dn = "cn=dovecot,ou=search
accounts,ou=services,dc=greenhills-it,dc=co,dc=uk"
dnpass = VerySecret
sasl_bind = no
tls = yes
tls_ca_cert_file = /etc/ssl/certs/GreenhillsCACert.pem
tls_require_cert = demand
debug_level = -1
auth_bind = yes
ldap_version = 3
base = ou=customers,dc=greenhills-it,dc=co,dc=uk
scope = subtree
user_attrs =
homeDirectory=home,uidNumber=uid,gidNumber=gid,ukFirmGhITAccMailQuota=quota_rule=*:storage=%$M
user_filter =
(&(&(ukFirmGhITAccSrvcs=Email)(ukFirmGhITAc...
2009 Oct 23
1
Error: userdb lookup
...quota
quota_rule: *:storage=10GB
quota_rule2: Trash:storage=10%%
sieve_dir: /var/vmail/%u/home/sieve
sieve: /var/sieve-scripts/%u.sieve
##############################
dovecot-ldap.conf:
uris = ldaps://ldap.mydomain ldaps://ldap2.mydomain
tls = no
tls_ca_cert_file = /etc/pki/CA/chaine.crt
tls_require_cert = never
auth_bind = yes
auth_bind_userdn = uid=%u,ou=people,dc=mydomain
base = ou=people,dc=mydomain
user_attrs = mailMessageStore=mail,mailQuotaSize=quota_rule=*:bytes=%$
user_filter = (&(accountStatus=active)(uid=%n))
pass_filter = (&(accountStatus=active)(uid=%u))
#######################...
2020 Sep 01
0
using %d as a variable in the ldap search base
...protocol imap {
> mail_max_userip_connections = 20
> }
> root at littera001:/etc/dovecot#
>
> root at littera001:/etc/dovecot# cat /etc/dovecot/dovecot-ldap.conf.ext |
> grep -v ^# | uniq | more
>
> hosts = censor001.plerumque.thecrazyguys.net
>
> tls = yes
> tls_require_cert = allow
>
> debug_level = 4
>
> auth_bind = yes
>
> base = ou=%d,dc=thecrazyguys,dc=net
>
> scope = subtree
>
> user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
>
> user_filter = (&(objectClass=posixAccount)(uid=%n))
>
> blocking = no...