Package: dovecot-ldap
Severity: normal
Tags: upstream patch

Dear Maintainer,
in dovecot-ldap.conf.ext:

uri = ldaps://<host>
# tls =
tls_cert_file = <filename>
tls_key_file = <filename>
tls_<other options> = …

All these options are ignored if I use ldaps:// as the URI schema. Switching to tls=yes doesn't help, because it enables STARTTLS, but ldaps:// implies an already started SSL tunnel.

uri = ldap://<host>
tls = yes
tls_<other options> = …

works. But depending on the LDAP server this isn't an option. Here is a patch of grade 'works for me':

<patch> --- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.000000000 +0100 +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465 +0200 @@ -1043,7 +1043,7 @@ static void db_ldap_set_tls_options(struct ldap_connection *conn) { - if (!conn->set.tls) + if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS </patch>

Actually the system the bug appears on is an Ubuntu 14.04 LTS, Dovecot 2.2.9, but I checked 2.2.13 from the Dovecot HG repository; the relevant parts of db-ldap.c don't seem to have been changed. So I suppose the bug is still there.

Greetings from Dresden,
-- Heiko

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
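Review bot: the new condition in db_ldap_set_tls_options does a case-sensitive prefix match on conn->set.uris, so it only recognises a lowercase "ldaps:" at the very start of the string: an uppercase scheme would still hit the early return, and if uris can hold more than one URI (the plural field name suggests a list), an ldaps:// entry that is not the first one would not be detected either. Suggest strncasecmp and, if uris is a list, a per-entry check; as a minimal version, `if (!conn->set.tls && strncasecmp(conn->set.uris, "ldaps:", 6) != 0) return;` with a short comment stating that ldaps:// means TLS is already in use, so tls_cert_file, tls_key_file and the other tls_* options must still be applied. Since the early return previously discarded those options for ldaps:// connections, the change should also be called out in the changelog so administrators know their certificate and key settings now take effect for such URIs.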