[tpop3d-discuss]tpop and ldap tls problem
Adam
a.chabin at amg.net.pl
Wed, 14 Dec 2005 09:59:22 +0100
Hi,
I have 2 Linux boxes, let's say xxxxx and yyyyyy.
On xxxx openldap-2.3.13-1 is running; on yyyyyy exim-4.54-2 with tpop3d,
version 1.5.3.
tpop3d.conf: (yyyyyyyy)
listen-address: yyyyyyyyyyyyy1(domain);tls=stls,/etc/openssl/mail.crt,/etc/openssl/mail.key \
    yyyyyyyyyyyyyy2(domain);tls=immediate,/etc/openssl/mail.crt,/etc/openssl/mail.key \
    yyyyyyyyyyyy3(domain);tls=immediate,/etc/openssl/mail.crt,/etc/openssl/mail.key
append-domain: yes
lowercase-mailbox: yes
lowercase-user: yes
maildir-evaluate-filename: yes
auth-ldap-enable: yes
#auth-ldap-use-tls: true
auth-ldap-url: ldap://xxxxxxxxx/ou=People,o=company,c=pl
auth-ldap-mail-user: mail
auth-ldap-mail-group: mail
auth-ldap-mailbox: maildir:/var/spool/virtual/dir1/$(user)
maildir:/var/spool/virtual/dir2/$(user)
auth-ldap-searchdn:
auth-ldap-password:
auth-ldap-filter: (&(&(uid=$(user))(objectClass=SomeObjectClass))(allowMail=TRUE))
auth-ldap-scope: subtree
-------------------
/etc/ldap.conf : (yyyyyyyy)
TLS_CACERT /etc/openssl/cacert.pem
And it all works great. I tried to change ldap to ldaps and activate the
"auth-ldap-use-tls: true" option in tpop3d.conf, but I get this error:
Dec 14 09:44:20 yyyyy tpop3d[20396]: parse_listeners: listening on address yyyyyyyyyyyy:110; TLS mode STLS
Dec 14 09:44:20 yyyyy tpop3d[20396]: parse_listeners: listening on address yyyyyyyyyyyy:995; TLS mode immediate
Dec 14 09:44:20 yyyyy tpop3d[20396]: 1 authentication drivers successfully loaded
Dec 14 09:44:20 yyyyy tpop3d[20396]: net_loop: tpop3d version 1.5.3 successfully started
Dec 14 09:45:02 yyyyy tpop3d[20396]: listeners_post_select: client [6]some.ip.address/sdfsdfsdf.pl: connected to local address yyyyyyyyyyyy:995
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_connect: ldap_start_tls_s: Can't contact LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_connect: ldap_start_tls_s: Can't contact LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_connect: ldap_start_tls_s: Can't contact LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: auth_ldap_new_user_pass: unable to connect and bind to LDAP server
Dec 14 09:45:02 yyyyy tpop3d[20396]: connection_do: client `[6]some.ip.address/sdfsdfsdf.pl': username `user@domain.pl': 1 authentication failures
I don't think that it is a TLS problem, because on yyyyyyyyy:
openssl s_client -host xxxxxxx -port 636 -CAfile /etc/openssl/cacert.pem
......
Verify return code: 0 (ok)
and exim talks with ldap over TLS without any problem. Any idea what's
wrong?
Regards
Adam
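A small consistency check on the settings discussed in this post, added here as an example (it is not tpop3d's own code and not from the poster): it parses tpop3d.conf's `key: value` lines, including the backslash continuations used for listen-address, and reports how the LDAP auth driver will protect the bind. The sample config, hostnames and paths are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample modelled on the tpop3d.conf quoted in the post;
# hostnames and certificate paths are placeholders, not real values.
SAMPLE_CONF = """\
listen-address: pop.example.pl(domain);tls=stls,/etc/openssl/mail.crt,/etc/openssl/mail.key \\
    pop2.example.pl(domain);tls=immediate,/etc/openssl/mail.crt,/etc/openssl/mail.key
auth-ldap-enable: yes
#auth-ldap-use-tls: true
auth-ldap-use-tls: true
auth-ldap-url: ldaps://ldap.example.pl/ou=People,o=company,c=pl
auth-ldap-searchdn:
auth-ldap-password:
"""


def parse_tpop3d_conf(text):
    """Parse 'key: value' lines; a trailing backslash joins the next line."""
    conf, pending = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            pending.append(line[:-1].strip())  # continuation, keep collecting
            continue
        pending.append(line.strip())
        logical = " ".join(pending).strip()
        pending = []
        if not logical or logical.startswith("#"):
            continue  # blank or commented-out directive
        key, _, value = logical.partition(":")
        conf[key.strip()] = value.strip()
    return conf


def check_ldap_tls(conf):
    """Return findings about how tpop3d will talk to the LDAP server."""
    findings = []
    if conf.get("auth-ldap-enable", "no").lower() not in ("yes", "true"):
        return findings  # LDAP driver not in use, nothing to check
    scheme = urlsplit(conf.get("auth-ldap-url", "")).scheme.lower()
    use_tls = conf.get("auth-ldap-use-tls", "").lower() in ("yes", "true")
    if scheme == "ldaps" and use_tls:
        findings.append("ldaps:// plus auth-ldap-use-tls: StartTLS is requested on a "
                        "session that is already TLS; use one or the other")
    if scheme == "ldap" and not use_tls:
        findings.append("ldap:// without auth-ldap-use-tls: bind credentials and "
                        "search results travel in cleartext")
    return findings


if __name__ == "__main__":
    for finding in check_ldap_tls(parse_tpop3d_conf(SAMPLE_CONF)):
        print("WARNING:", finding)
```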