Re: Dovecot can't connect to openldap over starttls [SOLVED]

2017-03-21 Thread info
Original message Subject: Re: Dovecot can't connect to openldap over starttls Date: 2017-03-20 16:18 From: Dan White <dwh...@cafedemocracy.org> To: i...@gwarband.de Cc: openldap-techni...@openldap.org On 03/20/17 16:06 +0100, i...@gwarband.de wrote: Debug Dovec

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-21 Thread Aki Tuomi
>> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >>>>> TLSProtocolMin 3.1 >>>>> >>>>> Maybe you have further ideas. >>>>> >>>>> On 2017-03-20 17:42, Aki Tuomi wrote: >>>>

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread info
System details are mentioned in the other email. Original message Subject: Re: Dovecot can't connect to openldap over starttls Date: 2017-03-20 16:18 From: Dan White <dwh...@cafedemocracy.org> To: i...@gwarband.de Cc: openldap-techni...@openldap.org On 03/2

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread Aki Tuomi
have further ideas. > >> > >> On 2017-03-20 17:42, Aki Tuomi wrote: > >>>> On March 20, 2017 at 5:28 PM i...@gwarband.de wrote: > >>>> > >>>> > >>>> Can somebody say something about this request? > >>>> >

Re: Dovecot can't connect to openldap over starttls

2017-03-20 Thread info
The user "dovecot" can access and read the cert. Here is the output from the console: https://gwarband.de/openldap/dovecot-certs.log So I think there is nothing that prevents Dovecot from accessing the file. Tobias On 2017-03-20 20:14, Tomas Habarta wrote: Actually, I likely managed to replicate the

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread info
hing about this request? This is an email from the openldap-technical mailing list from OpenLDAP. System details are mentioned in the other email. Original message Subject: Re: Dovecot can't connect to openldap over starttls Date: 2017-03-20 16:18 From: Dan White <dwh...@cafe

Re: Dovecot can't connect to openldap over starttls

2017-03-20 Thread Tomas Habarta
Actually, I likely managed to replicate the problem itself. I've observed the described behavior (timeout with connection error) only if Dovecot's tls_ca_cert_file pointed to either a non-existent file or an existing file without read access -- found during review after sending my last post as I
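The failure mode Tomas describes (a missing or unreadable tls_ca_cert_file that surfaces only as a generic "Connection error") is cheap to rule out before touching the LDAP server. The script below is an added example, not code from the thread or from Dovecot: it reads the three TLS options discussed above out of a dovecot-ldap.conf and checks that the CA file actually exists and is readable by the user running the check. The config text, the `hosts` line, the CA placeholder and all paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread or from Dovecot): lint the STARTTLS
# settings in dovecot-ldap.conf. A commented-out "#tls_ca_cert_file = ..."
# counts as unset, which is the state the thread ended up with.

# conf_get KEY FILE: value of the last uncommented "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | sed 's/[[:space:]]*$//' | tail -n1
}

# check_dovecot_ldap_tls CONF: returns 0 when tls=yes, tls_require_cert
# verifies the peer (demand or hard), and any configured CA file exists and
# is readable by the *current* user. Run it as the dovecot user
# (e.g. sudo -u dovecot sh ...) to test what Dovecot itself will see.
check_dovecot_ldap_tls() {
    conf=$1
    rc=0
    tls=$(conf_get tls "$conf")
    require=$(conf_get tls_require_cert "$conf")
    cafile=$(conf_get tls_ca_cert_file "$conf")

    if [ "$tls" != "yes" ]; then
        echo "FAIL $conf: tls='${tls:-unset}', STARTTLS is not enabled"
        rc=1
    fi
    case "$require" in
        demand|hard) ;;
        *)  echo "FAIL $conf: tls_require_cert='${require:-unset}', server certificate is not verified"
            rc=1 ;;
    esac
    if [ -n "$cafile" ]; then
        if [ ! -f "$cafile" ]; then
            echo "FAIL $conf: tls_ca_cert_file '$cafile' does not exist"
            rc=1
        elif [ ! -r "$cafile" ]; then
            echo "FAIL $conf: tls_ca_cert_file '$cafile' is not readable by $(id -un)"
            rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK   $conf"
    return "$rc"
}

# --- constructed demo data (placeholder CA, not a real certificate) ---
DEMO_DIR=$(mktemp -d)
DEMO_CA="$DEMO_DIR/ca.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIB...constructed-placeholder...' \
    '-----END CERTIFICATE-----' > "$DEMO_CA"

GOOD_CONF="$DEMO_DIR/good-dovecot-ldap.conf"
cat > "$GOOD_CONF" <<EOF
hosts = ldap.example.invalid:389
tls = yes
tls_require_cert = demand
tls_ca_cert_file = $DEMO_CA
EOF

# Same settings, but the CA path points nowhere: the case from the thread.
BAD_CONF="$DEMO_DIR/bad-dovecot-ldap.conf"
cat > "$BAD_CONF" <<EOF
hosts = ldap.example.invalid:389
tls = yes
tls_require_cert = demand
tls_ca_cert_file = $DEMO_DIR/missing-ca.crt
EOF

check_dovecot_ldap_tls "$GOOD_CONF"
check_dovecot_ldap_tls "$BAD_CONF" || true
```

The `-r` test is evaluated as whoever runs the script, so the meaningful run is under the dovecot user. Leaving `tls_ca_cert_file` commented out makes the check pass, but then the trust store Dovecot uses depends on the OpenLDAP client library defaults rather than on anything in this file.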

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread Aki Tuomi
chnical mailing list from > >> OpenLDAP. > >> > >> System details are mentioned in the other email. > >> > >> Original message > >> Subject: Re: Dovecot can't connect to openldap over starttls > >> Date: 2017-03-20 16:18 >

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread info
. Original message Subject: Re: Dovecot can't connect to openldap over starttls Date: 2017-03-20 16:18 From: Dan White <dwh...@cafedemocracy.org> To: i...@gwarband.de Cc: openldap-techni...@openldap.org On 03/20/17 16:06 +0100, i...@gwarband.de wrote: Debug Dov

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread Aki Tuomi
message ---- > Subject: Re: Dovecot can't connect to openldap over starttls > Date: 2017-03-20 16:18 > From: Dan White <dwh...@cafedemocracy.org> > To: i...@gwarband.de > Cc: openldap-techni...@openldap.org > > On 03/20/17 16:06 +0100, i...@gwarband.de wrote

Re: Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]

2017-03-20 Thread info
Can somebody say something about this request? This is an email from the openldap-technical mailing list from OpenLDAP. System details are mentioned in the other email. Original message Subject: Re: Dovecot can't connect to openldap over starttls Date: 2017-03-20 16:18 From

Re: Dovecot can't connect to openldap over starttls

2017-03-20 Thread info
I've tested your solution, but it also gives the same error. I've tested all combinations of: - tls_ca_cert_file = - tls = yes - tls_require_cert = demand Every time it says "Connection error". Only when tls is uncommented does it say "TLS required". Additional information

Re: Dovecot can't connect to openldap over starttls

2017-03-20 Thread Tomas Habarta
I've finally managed to get that running on a Debian 8 test machine by commenting out the tls_ca_cert_file = option from dovecot-ldap.conf, so only tls = yes tls_require_cert = demand Not sure why that is, as on my CentOS 6 Dovecot works even with that option uncommented. Maybe CentOS

Re: Dovecot can't connect to openldap over starttls

2017-03-18 Thread info
The server log of OpenLDAP with loglevel "any": https://gwarband.de/openldap/openldap-connect.log Note: OpenLDAP waits one minute after the connect before it says "TLS negotiation failure", and Dovecot says "Connect error" immediately. I've also deleted the TLSCipherSuite from OpenLDAP. Tobias On

Re: Dovecot can't connect to openldap over starttls

2017-03-18 Thread Tomas Habarta
Increase the log level on the server side as well to see what the server says... You may remove anything in TLSCipherSuite for the purpose of testing too. Hopefully someone who knows OpenLDAP internals can help you analyse it more deeply. Tomas On 03/18/2017 01:31 PM, i...@gwarband.de wrote: > I've

Re: Dovecot can't connect to openldap over starttls

2017-03-18 Thread info
I've replicated the settings from ldapsearch in Dovecot, but with no success. About the certificate: yes, it's a *.crt file, but I have linked the *.pem file to it and Dovecot has read access to that file. I have enabled debugging in Dovecot and have uploaded the output:

Re: Dovecot can't connect to openldap over starttls

2017-03-18 Thread Tomas Habarta
Well, if ldapsearch works, try to replicate its settings for the Dovecot client. It's not obvious what settings ldapsearch uses; have a look at the default client settings in /etc/openldap/ldap.conf, there may be something set in a slightly different way. Also double-check permissions for files used by

Re: Dovecot can't connect to openldap over starttls

2017-03-18 Thread info
Hello, I have also installed LE certs. But nothing helps, I have double-checked all certs. ldapsearch with -ZZ works, see: https://gwarband.de/openldap/ldapsearch.log I have also uploaded the TLSCACertificateFile, maybe I have a mistake in the merge of the two files:

Re: Dovecot can't connect to openldap over starttls

2017-03-17 Thread Tomas Habarta
Hi, I've been running Dovecot 2.2.27 against OpenLDAP 2.4.40, normally over the unix socket on the same machine, but I tried over inet with STARTTLS and it's working ok... I would suggest double-checking the key/certs setup on the OpenLDAP side; for the test I have used LE certs, utilizing the following cn=config

Dovecot can't connect to openldap over starttls

2017-03-17 Thread info
Hello guys, I'm currently trying to configure Dovecot to access OpenLDAP for the password check. My OpenLDAP only allows access over "secure ldap". Dovecot can communicate with the OpenLDAP server, but there is maybe a failure in the SSL handshake. Additional information you can find in the