similar to: can't dovecot tls/ssl to openldap

On a Debian10 I've installed postfix 3.4.14 and dovecot 2.3.4.1. I've configured multiple passdb sources and I expect that if one fails the other ones are tested. This is usually the case, except when the failure is due to an invalid certificate from the ldap server. In that case all authentication attempts from that moment on will fail. I've trimmed down the configuration as much as

Hi everybody, i just tried to install v 2.2.5 but i get the following mesage from configure : -----snipp---- checking for ldap_start_tls_s... no -----snipp---- grep in /usr/include tells me : -----snipp---- 486dx66:/usr/include # grep --line-number ldap_start_tls_s ldap* ldap.h:1075:ldap_start_tls_s LDAP_P(( 486dx66:/usr/include # -----snipp---- Looking into /usr/include/ldap.h from line

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 15 May 2019, Elias Falconi via dovecot wrote: > 2019-05-15 16:27:43 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext: > ldap_start_tls_s() failed: Can't contact LDAP server > 2019-05-15 16:39:36 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext: > ldap_start_tls_s() failed: Connect error > 2019-05-15 16:39:43 auth:

Hello, I am moving LDAP from one domain to another We have moved off of a.wustl.edu network to b.school.edu network. I have searched vi /etc/nslcd.conf vi /etc/openldap/ldap.conf and removed all referances to "a" I restarted /etc/init.d/nscd restart this is redhat 6.7, and my ldap server is now ldap.b.wustl.edu:389 a.school.edu to b.school.edu I keep getting messages

Hi list! I am trying to get dovecot to authenticate users against Novell eDirectory via LDAP. I have successfully gotten open-xchange to authenticate, and I have written a PHP module that authenticates, however I cannot seem to get Dovecot working. If I turn on TLS and restart dovecot, I get: dovecot: 2010-05-20 09:22:05 Error: auth(default): LDAP: ldap_start_tls_s() failed: Connect error

I have also tested with 2.2.28 and this version has the same issue. The finding of compatible ciphers is not the problem because I have uncommented the ldap entrys: TLSCipherSuite SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM TLSProtocolMin 3.1 Maybe you have further ideas. Am 2017-03-20 17:42, schrieb Aki Tuomi: >> On March 20, 2017 at 5:28 PM

Am 29.12.2015 um 22:03 schrieb Dan Hyatt: > Hello, > > I am moving LDAP from one domain to another > We have moved off of a.wustl.edu network to b.school.edu network. > > I have searched > vi /etc/nslcd.conf > > vi /etc/openldap/ldap.conf > > and removed all referances to "a" > > I restarted > /etc/init.d/nscd restart Wrong service

> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: > > > Can sombody say something about this request? > > This is an email from the openldap-technical mailinglist from openldap. > > Systemdetails are mention in the other email. > > -------- Originalnachricht -------- > Betreff: Re: Dovecot can't connect to openldap over starttls > Datum:

Well, those actually *reduce* the possible algorithms that can be used, so uncommenting those can make things worse. Anyways, your pcap seems incomplete, can you try again? Aki > On March 20, 2017 at 8:14 PM info at gwarband.de wrote: > > > I have also tested with 2.2.28 and this version has the same issue. > > The finding of compatible ciphers is not the problem because I

Hi, I know I must have done some misconfiguration, but I do not know where to start searching for. All began when looking at my weekly cron message, where doveadm purge -A is run. That fails. So I tried doveadm quota -A as well, which several weeks ago was working perfectly. Example: doveadm quota get -A doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate

Did you do some succesful lookup with something there? I can see few failed attempts and one that seems to have worked just fine. As pointed out earlier, are you using security frameworks like SELinux or AppArmor? Also, can you provide namei -l /etc/ssl/certs/LetsEncrypt.pem The failed attempts are really short, indicating a VERY early problem with SSL handshake. Aki > On March 20, 2017 at

Hi, We recently shutdown our old LDAP server and repointed our mail server (dovecot + postfix) to our new LDAP server and ever since we've been unable to fetch mail. Mail is getting delivered, but we just can't pop it. We're using Ubuntu 16.04, btw. We keep on getting the following error messages in /var/log/dovecote: 2019-05-15 16:27:43 auth: Error: LDAP

I have a new pcap from beginning to the end with openldap "TLS negoiation failed" https://gwarband.de/openldap/tracefile.dump The sourceports are 45376 and 45377 Tobias Am 2017-03-20 19:59, schrieb Aki Tuomi: > Well, those actually *reduce* the possible algorithms that can be > used, so uncommenting those can make things worse. > > Anyways, your pcap seems incomplete,

Could you copy LetsEncrypt.pem to a world-readable location, with world-readable rights, and see if this helps with your problem. I saw you tried with cat using su(do), but unfortunately supplementary groups are not always used with processes. Aki On 20.03.2017 23:09, info at gwarband.de wrote: > The one that works fine was my openxchange server, that loads contacts > from openldap. >

Can sombody say something about this request? This is an email from the openldap-technical mailinglist from openldap. Systemdetails are mention in the other email. -------- Originalnachricht -------- Betreff: Re: Dovecot can't connect to openldap over starttls Datum: 2017-03-20 16:18 Absender: Dan White <dwhite at cafedemocracy.org> Empf?nger: info at gwarband.de Kopie:

hi... i trying to have a secure conetion between dovecot and directory server, but i cant do it. The documentation are so poor ( http://wiki.dovecot.org/AuthDatabase/LDAP) these are my configurations files: (pre: i have a directory server accepting secure conections (port 389 via TLS and port 636 via SSL). File "/opt/csw/etc/dovecot-ldap.conf": hosts=100.0.4.98 dn =

The one that works fine was my openxchange server, that loads contacts from openldap. In my opinion I don't have installed a security framework list SELinux or AppArmor. The output of namei -l /etc/ssl/certs/LetsEncrypt.pem f: /etc/ssl/certs/LetsEncrypt.pem drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root ssl drwxr-xr-x root root certs lrwxrwxrwx root

Hi All, Any thoughts on why, while everything seems ok at the OS level (getent , id -a ) Samba doesn't pickup any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using it's own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Do they use/accept different calls or could it be an

FYI.... There is a bu in the configure script for 2.2.5 that prevents the script from locating the start_tls function in the OpenLDAP 2.0.x libs. Apply this patch and rerun autoconf. Should fix it. Patches configure.in and passdb/pdb_ldap.c Sorry for the inconvience. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard

On 01/06/2016 01:34 PM, Lee Brown wrote: > On Wed, Jan 6, 2016 at 10:36 AM, Graham Allan <allan at physics.umn.edu > <mailto:allan at physics.umn.edu>> wrote: > > On 01/06/2016 09:53 AM, Graham Allan wrote: > > > The packet dump is a good idea. I get the same failure using > straight > SSL to port 636, but wireshark might be able