On 2026-05-06 09:00, John Fawcett via Postfix-users wrote: > my suggestion would be to set debuglevel parameter which will then be passed > to openldap client library and may provide some additional info. For suitable > values, check the openldap documentation.
openldap is at max debug and says "TLS negotiation failure" Getting this with postfix debuglevel set to 1: ------------------------------------------ postmap: dict_ldap_debug: TLS trace: SSL_connect:before SSL initialization postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS write client hello postmap: dict_ldap_debug: TLS trace: SSL_connect:error in SSLv3/TLS write client hello postmap: dict_ldap_debug: ldap_int_tls_start: ldap_int_tls_connect needs read postmap: dict_ldap_debug: ldap_int_tls_start: ld 0x56531d9da970 4 s 999329 us to go postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 4 postmap: dict_ldap_debug: ldap_is_sock_ready: 4 postmap: dict_ldap_debug: ldap_ndelay_off: 4 postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS write client hello postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS read server hello postmap: dict_ldap_debug: TLS trace: SSL_connect:TLSv1.3 read encrypted extensions postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS read server certificate request postmap: dict_ldap_debug: TLS certificate verification: depth: 1, err: 2, subject: /C=US/O=Let's Encrypt/CN=E7, postmap: dict_ldap_debug: issuer: /C=US/O=Internet Security Research Group/CN=ISRG Root X1 postmap: dict_ldap_debug: TLS certificate verification: Error, unable to get issuer certificate postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS read server certificate postmap: dict_ldap_debug: TLS trace: SSL_connect:TLSv1.3 read server certificate verify postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS read finished postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS write change cipher spec postmap: dict_ldap_debug: TLS trace: SSL_connect:TLSv1.3 write client compressed certificate postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS write certificate verify postmap: dict_ldap_debug: TLS trace: SSL_connect:SSLv3/TLS write finished postmap: dict_ldap_debug: TLS trace: SSL3 alert read:fatal:unsupported certificate ------------------------------------------ _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
