Package: dovecot-ldap
Severity: normal
Tags: upstream patch

Dear Maintainer,

in dovecot-ldap.conf.ext:

    uri = ldaps://<host>
    # tls =
    tls_cert_file = <filename>
    tls_key_file = <filename>
    tls_<other options> = …


All these options are ignored if I use ldaps:// as the URI scheme.
Switching to tls=yes doesn't help, because it enables STARTTLS, but
ldaps:// implies an already started SSL tunnel.

    uri = ldap://<host>
    tls = yes
    tls_<other options> = …

works. But depending on the LDAP server this isn't an option.

Here is a patch of grade 'works for me':
<patch>
--- dovecot-2.2.9/src/auth/db-ldap.c    2013-11-24 14:37:39.000000000 +0100
+++ dovecot-2.2.9.hs12/src/auth/db-ldap.c       2015-10-08 21:24:47.051446465 
+0200
@@ -1043,7 +1043,7 @@
 
 static void db_ldap_set_tls_options(struct ldap_connection *conn)
 {
-       if (!conn->set.tls)
+       if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0))
                return;
 
 #ifdef OPENLDAP_TLS_OPTIONS
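Review bot: the `strncmp(conn->set.uris, "ldaps:", 6) == 0` test in the `+` line only inspects the first six bytes of `conn->set.uris`, so with the plural `uris` setting holding more than one entry, a list whose first entry is `ldap://` and a later one `ldaps://` still returns early and skips the TLS options, and an upper-case `LDAPS://` scheme is missed because the comparison is case-sensitive. Consider walking the configured URIs and matching the scheme with `strncasecmp`, and, if `uris` can be unset, checking for NULL before the comparison.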
</patch>

Actually the system the bug appears on is an Ubuntu 14.04 LTS, Dovecot
2.2.9, but I checked 2.2.13 from the Dovecot HG repository; the relevant
parts of db-ldap.c don't seem to have changed. So I suppose the bug is
still there.

Greetings from Dresden,
-- 
Heiko

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
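Added example, not the reporter's patch and not Dovecot code: a C version of the corrected condition that also covers a space-separated list of URIs and a mixed-case scheme, which a single `strncmp` on the first six bytes does not. The `ldap_settings` struct and its `tls` and `uris` fields are hypothetical stand-ins for the connection settings, and the assumption that `uris` is whitespace-separated is mine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for the LDAP connection settings: only the two
 * fields the patched condition looks at. */
struct ldap_settings {
    bool tls;          /* tls = yes (STARTTLS on a plain ldap:// connection) */
    const char *uris;  /* assumed whitespace-separated, e.g. "ldap://a ldaps://b" */
};

/* True if the token of length 'len' starts with the ldaps: scheme.
 * URI scheme names are case-insensitive, so LDAPS:// must match too. */
static bool token_is_ldaps(const char *token, size_t len)
{
    return len >= 6 && strncasecmp(token, "ldaps:", 6) == 0;
}

/* True if any whitespace-separated entry in 'uris' uses ldaps://.
 * A NULL or empty list yields false instead of dereferencing NULL. */
bool uris_contain_ldaps(const char *uris)
{
    if (uris == NULL)
        return false;
    const char *p = uris;
    while (*p != '\0') {
        while (*p == ' ' || *p == '\t')
            p++;                              /* skip separators */
        const char *start = p;
        while (*p != '\0' && *p != ' ' && *p != '\t')
            p++;                              /* end of this URI */
        if (token_is_ldaps(start, (size_t)(p - start)))
            return true;
    }
    return false;
}

/* The corrected condition: TLS options (cert, key, ...) must be applied
 * both for tls=yes and whenever any configured URI is ldaps://. */
bool ldap_needs_tls_options(const struct ldap_settings *set)
{
    return set->tls || uris_contain_ldaps(set->uris);
}
```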