Hi, I want Dovecot to connect to OpenLDAP with SSL/TLS, and I get an error.

Without TLS/SSL it works OK. From /var/log/maillog I got:

    Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Connect error
    Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
    Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
    Sep 24 05:38:05 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<muyuan>, method=PLAIN, rip=192.168.100.99, lip=10.10.120.20, TLS: Disconnected, session=<wSvD1RPnWwDAqGRj>
    Sep 24 05:38:11 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Can't contact LDAP server
    Sep 24 05:38:13 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<muyuan>, method=PLAIN, rip=192.168.100.99, lip=10.10.120.20, TLS: Disconnected, session=<2T761RPnXADAqGRj>

But when I use ldapsearch, it also seems OK. I run this from the Dovecot host:

    ldapsearch -D "cn=dovecot,ou=bindusers,dc=smuy,dc=net" -W -H ldap://ldap.sv.hm -b "ou=accounts,dc=smuy,dc=net" -ZZ

and it works OK. So I have no idea where to check. Or how can I get a more detailed log from Dovecot for that connection?

    Sep 24 05:38:03 mail dovecot: auth: Error: LDAP: ldap_start_tls_s() failed: Connect error

Since ldapsearch works well with both TLS and SSL, why does Dovecot get a connect error? What exactly happens in this connection?

Here is my dovecot-ldap.conf.ext:

    # This file is commonly accessed via passdb {} or userdb {} section in
    # conf.d/auth-ldap.conf.ext

    # Space separated list of LDAP hosts to use. host:port is allowed too.
    #hosts = ldap.sv.hm
    #uris = ldaps://ldap.sv.hm:636/
    uris = ldap://ldap.sv.hm:389/

    dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net
    dnpass = 1qaz2wsx

    #sasl_bind = no
    #sasl_mech =
    #sasl_realm =
    #sasl_authz_id =

    # Use TLS to connect to the LDAP server.
    tls = yes
    #tls = no
    tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
    tls_ca_cert_dir = /etc/ssl/certs/ca
    #tls_cipher_suite =
    # TLS cert/key is used only if LDAP server requires a client certificate.
    #tls_cert_file = /etc/ssl/certs/mail.crt
    #tls_key_file = /etc/ssl/private/mail.key
    # Valid values: never, hard, demand, allow, try
    #tls_require_cert = never

Please give me some suggestions! Great thanks!

muyuan
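An added example (not part of the original post or of Dovecot itself): a small linter for the TLS settings in dovecot-ldap.conf.ext that flags the combinations which commonly produce ldap_start_tls_s() errors, such as tls = yes on an ldaps:// URI or a missing CA setting. The sample configuration inside it is constructed from the settings quoted above; the script never contacts an LDAP server.

```python
"""Lint a Dovecot dovecot-ldap.conf.ext for TLS settings that commonly produce
'ldap_start_tls_s() failed' errors.  Added example, not from the original post;
it only parses Dovecot's key = value syntax and never contacts an LDAP server."""

# Constructed sample mirroring the active settings quoted in the post.
SAMPLE_CONF = """\
# Space separated list of LDAP hosts to use. host:port is allowed too.
#uris = ldaps://ldap.sv.hm:636/
uris = ldap://ldap.sv.hm:389/
dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt
tls_ca_cert_dir = /etc/ssl/certs/ca
#tls_require_cert = never
"""

def parse_conf(text):
    """Return {key: value} for active (non-comment) 'key = value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def lint_tls(settings):
    """Return a list of findings; empty means the TLS settings are consistent."""
    findings = []
    uris = settings.get("uris", "").split()
    tls = settings.get("tls", "no").lower() == "yes"
    if not uris and not settings.get("hosts"):
        findings.append("neither 'uris' nor 'hosts' is set")
    if tls and any(u.startswith("ldaps://") for u in uris):
        # tls = yes means STARTTLS on a plain connection; issuing
        # ldap_start_tls_s() on an already-encrypted ldaps:// session fails.
        findings.append("tls = yes with an ldaps:// URI: use tls = no for ldaps")
    if tls and not (settings.get("tls_ca_cert_file") or settings.get("tls_ca_cert_dir")):
        findings.append("tls = yes but no tls_ca_cert_file/tls_ca_cert_dir set")
    req = settings.get("tls_require_cert")
    if req is not None and req not in {"never", "hard", "demand", "allow", "try"}:
        findings.append(f"invalid tls_require_cert value: {req!r}")
    elif req in {"never", "allow"}:
        findings.append(f"tls_require_cert = {req} does not verify the server certificate")
    return findings

if __name__ == "__main__":
    for f in lint_tls(parse_conf(SAMPLE_CONF)) or ["no TLS configuration issues found"]:
        print(f)
```

Point it at the real file with `parse_conf(open("/etc/dovecot/dovecot-ldap.conf.ext").read())` to lint a live configuration.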