On 05/05/2026 18:34, Tom via Postfix-users wrote:
When trying a secure LDAP (works fine without TLS/SSL) connection, it fails with
"Unable to bind to server" on the postmap end, and "TLS negotiation failure"
on the OpenLDAP end.

Using ldapsearch from the postfix host succeeds with both SSL and TLS. So does 
"openssl s_client".

All the certificates are up to date and correspond to the host and URLs.

So it's not a problem with TLS or SSL on the OpenLDAP or postfix host, just the 
combination of postfix to OpenLDAP.

-------------------------------------------------------------------------------

[snip]

-------------------------------------------------------------------------------
I have full logging set up but cannot see what the issue is. Any ideas?
_______________________________________________
Postfix-users mailing list [email protected]
To unsubscribe send an email [email protected]

Hi

I think you need to specify the port explicitly in the URL; otherwise, despite the ldaps schema, the connection will go to the default LDAP port 389. I believe that Postfix ignores the server_port setting if you are using a URL in the server_host setting.

ldaps://ldap.redacted.com:636

John