[tpop3d-discuss] tpop and LDAP TLS problem

Adam a.chabin at amg.net.pl
Wed, 14 Dec 2005 09:59:22 +0100


Hi,

I have two Linux boxes, let's say xxxxx and yyyyyy.
On xxxx runs openldap-2.3.13-1; on yyyyyy, exim-4.54-2 with tpop3d
version 1.5.3.

tpop3d.conf: (yyyyyyyy)

listen-address: yyyyyyyyyyyyy1(domain);tls=stls,/etc/openssl/mail.crt,/etc/openssl/mail.key \
                yyyyyyyyyyyyyy2(domain);tls=immediate,/etc/openssl/mail.crt,/etc/openssl/mail.key \
                yyyyyyyyyyyy3(domain);tls=immediate,/etc/openssl/mail.crt,/etc/openssl/mail.key

append-domain: yes

lowercase-mailbox: yes
lowercase-user: yes
maildir-evaluate-filename: yes

auth-ldap-enable:       yes
#auth-ldap-use-tls:     true
auth-ldap-url:          ldap://xxxxxxxxx/ou=People,o=company,c=pl
auth-ldap-mail-user:    mail
auth-ldap-mail-group:   mail
auth-ldap-mailbox:      maildir:/var/spool/virtual/dir1/$(user) maildir:/var/spool/virtual/dir2/$(user)
auth-ldap-searchdn:
auth-ldap-password:
auth-ldap-filter:       (&(&(uid=$(user))(objectClass=SomeObjectClass))(allowMail=TRUE))
auth-ldap-scope:        subtree

-------------------

/etc/ldap.conf : (yyyyyyyy)

TLS_CACERT /etc/openssl/cacert.pem

And it all works great. I tried to change ldap to ldaps and activate the
"auth-ldap-use-tls:     true" option in tpop3d.conf, but I get this error:

Dec 14 09:44:20 yyyyy tpop3d[20396]: parse_listeners: listening on address yyyyyyyyyyyy:110; TLS mode STLS
Dec 14 09:44:20 yyyyy tpop3d[20396]: parse_listeners: listening on address yyyyyyyyyyyy:995; TLS mode immediate
Dec 14 09:44:20 yyyyy tpop3d[20396]: 1 authentication drivers successfully loaded
Dec 14 09:44:20 yyyyy tpop3d[20396]: net_loop: tpop3d version 1.5.3 successfully started
Dec 14 09:45:02 yyyyy tpop3d[20396]: listeners_post_select: client [6]some.ip.address/sdfsdfsdf.pl: connected to local address yyyyyyyyyyyy:995
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_connect: ldap_start_tls_s: Can't contact LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_connect: ldap_start_tls_s: Can't contact LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_connect: ldap_start_tls_s: Can't contact LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_new_user_pass: unable to connect and bind to LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: connection_do: client `[6]some.ip.address/sdfsdfsdf.pl': username `user@domain.pl': 1 authentication failures

I don't think that it is a TLS problem, because on yyyyyyyyy:

openssl s_client -host xxxxxxx -port 636 -CAfile /etc/openssl/cacert.pem

......
Verify return code: 0 (ok)

and exim talks with LDAP over TLS without any problem. Any idea what's
wrong?

Regards

Adam
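Added example, not part of the original post or of tpop3d itself: a small checker over the auth-ldap-url and auth-ldap-use-tls keys of a tpop3d.conf fragment, which flags the combination the log above shows being attempted, an ldaps:// URL together with StartTLS. StartTLS is defined for ldap:// sessions that are still in the clear (RFC 4511 section 4.14), while ldaps:// negotiates TLS on connect, so the two settings are alternatives rather than complements. The hostname and the sample fragment are constructed.

```python
from urllib.parse import urlparse

# Constructed tpop3d.conf fragment modelled on the post above, after the two
# changes it describes (URL switched to ldaps://, auth-ldap-use-tls enabled).
SAMPLE_CONF = """\
auth-ldap-enable:       yes
auth-ldap-use-tls:      true
auth-ldap-url:          ldaps://ldap.example.invalid/ou=People,o=company,c=pl
auth-ldap-filter:       (&(uid=$(user))(objectClass=SomeObjectClass))
"""

TRUE_WORDS = {"yes", "true", "on", "1"}


def parse_tpop3d_conf(text):
    """Return {key: value} for 'key: value' lines; '#' comments are skipped
    and a trailing backslash joins the next line onto the current value
    (the form the listen-address key uses)."""
    conf, key, parts = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if key is None:
            if not line or line.startswith("#"):
                continue
            key, _, line = line.partition(":")
            key, parts = key.strip().lower(), []
        continued = line.endswith("\\")
        parts.append(line.rstrip("\\").strip())
        if not continued:
            conf[key] = " ".join(p for p in parts if p)
            key = None
    return conf


def check_ldap_tls(conf):
    """Classify how the LDAP auth driver would protect the bind credentials.
    Returns (status, explanation); status is one of
    'conflict', 'ok', 'plaintext', 'unknown'."""
    scheme = urlparse(conf.get("auth-ldap-url", "")).scheme.lower()
    starttls = conf.get("auth-ldap-use-tls", "no").lower() in TRUE_WORDS
    if scheme == "ldaps" and starttls:
        return ("conflict", "ldaps:// already negotiates TLS on connect; StartTLS "
                "(auth-ldap-use-tls) is defined only for ldap:// sessions, so "
                "use one or the other")
    if scheme == "ldaps":
        return ("ok", "implicit TLS on the ldaps:// port")
    if scheme == "ldap" and starttls:
        return ("ok", "StartTLS upgrade of the ldap:// session")
    if scheme == "ldap":
        return ("plaintext", "bind credentials would cross the network unencrypted")
    return ("unknown", f"unrecognised auth-ldap-url scheme: {scheme!r}")


if __name__ == "__main__":
    print(check_ldap_tls(parse_tpop3d_conf(SAMPLE_CONF)))
```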