| Summary: | net-mail/dovecot-2.0.11: tls for the openldap connection seems to have broken in this version | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Charlie Clark <charlie> |
| Component: | Current packages | Assignee: | Eray Aslan <eras> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | net-mail+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | AMD64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Charlie Clark
2011-05-02 22:02:18 UTC
Looks like a configuration problem. You can use ldaps (port 636) or STARTTLS (port 389) to connect to your LDAP server, but you cannot use STARTTLS for an ldaps request AFAIK. (tls=yes means use STARTTLS.) Also, using TLS for communication on localhost does not buy you any security.

```
server dovecot # grep -v '^#' /etc/dovecot/dovecot-ldap.conf.ext
hosts = 127.0.0.1:636
dn = cn=dovecot,dc=example,dc=com
dnpass = *******
tls_require_cert = never
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=example,dc=com
ldap_version = 3
base = ou=People,dc=example,dc=com
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(uid=%u))
iterate_attrs = uid=user
iterate_filter = (objectClass=inetOrgPerson)
default_pass_scheme = CRYPT
```

slapd debug snippet:

```
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  30 36 02 01 01 60 31 02 01 03 04   06...`1....
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol.
connection_read(13): TLS accept failure error=-1 id=6718, closing
```

Still fails. I've tried a number of different TLS configurations to get this to work and none of them do. As I said, I had a working configuration before the configuration files changed, and I've tried the configuration that I originally had set up as mentioned before. And I'm not doing it for security, I'm mainly doing it for the experience.

Try a minimum config to see if you can get TLS to work and add to your config from there. Perhaps something like:

```
hosts = localhost
auth_bind = yes
ldap_version = 3
tls = yes
base = ou=People,dc=example,dc=com
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(uid=%u))
default_pass_scheme = CRYPT
```

In any case, you should try support forums and mailing lists. You will get better help. This is almost certainly a configuration error and not a bug. Closing for now.
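The slapd trace above already contains the diagnosis: the 11 bytes the TLS listener read begin with `30 36 02 01 01 60 ...`, which is a BER `SEQUENCE` carrying LDAP messageID 1 and a `bindRequest` (tag `0x60`) for protocol version 3, i.e. a cleartext LDAPv3 bind, not the `16 03 ...` TLS ClientHello that an ldaps port expects. That is exactly what a client configured with `hosts = 127.0.0.1:636` plus `tls = yes` (STARTTLS) produces. The decoder below is an added example and is not code from the bug report, Dovecot or OpenLDAP; it takes the 11 bytes from the trace as printed, and the TLS record prefix and the complete bind request it also checks are constructed for the example.

```python
"""Added example: classify and partially decode the first bytes a listener reads.

The 11-byte sample is copied from the slapd tls_read dump on this page.
Everything else (TLS prefix, the synthetic complete bind) is constructed
for illustration; the helpers are hypothetical, not a Dovecot/OpenLDAP API.
"""

# Bytes slapd printed: "0000:  30 36 02 01 01 60 31 02 01 03 04" (got=11).
TRACE_BYTES = bytes.fromhex("30 36 02 01 01 60 31 02 01 03 04")

# Constructed: a TLS 1.x handshake record header (0x16, major version 0x03),
# which is what an ldaps:// listener expects as the very first bytes.
TLS_HELLO_PREFIX = bytes.fromhex("16 03 01 00 f5 01 00 00 f1 03 03")

# LDAP protocolOp tags (APPLICATION class): 0x60 bind, 0x42 unbind, 0x63 search.
OPS = {0x60: "bindRequest", 0x42: "unbindRequest", 0x63: "searchRequest"}


class Truncated(Exception):
    """The buffer ends before the BER element being read is complete."""


def classify(first_bytes: bytes) -> str:
    """Name the protocol from the leading bytes of a connection."""
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls-record"
    if first_bytes and first_bytes[0] == 0x30:
        return "cleartext-ldap"  # every LDAPMessage is a BER SEQUENCE
    return "unknown"


def _tlv(buf: bytes, pos: int):
    """Return (tag, length, value_start) for the element at pos; short-form lengths only."""
    if pos + 2 > len(buf):
        raise Truncated(pos)
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    return tag, length, pos + 2


def _int(buf: bytes, pos: int):
    """Read a BER INTEGER at pos; return (value, next_pos)."""
    tag, length, start = _tlv(buf, pos)
    if tag != 0x02:
        raise ValueError(f"expected INTEGER (0x02) at {pos}, got {tag:#x}")
    if start + length > len(buf):
        raise Truncated(start)
    return int.from_bytes(buf[start:start + length], "big", signed=True), start + length


def decode_ldap_prefix(buf: bytes) -> dict:
    """Decode as much of a leading LDAPMessage as the buffer contains."""
    info = {"kind": classify(buf), "truncated": False}
    if info["kind"] != "cleartext-ldap":
        return info
    try:
        _, msg_len, pos = _tlv(buf, 0)                 # LDAPMessage ::= SEQUENCE
        info["message_len"] = msg_len
        info["message_id"], pos = _int(buf, pos)       # messageID INTEGER
        op_tag, _, pos = _tlv(buf, pos)                # protocolOp CHOICE
        info["op"] = OPS.get(op_tag, f"tag {op_tag:#x}")
        if op_tag == 0x60:                             # BindRequest
            info["ldap_version"], pos = _int(buf, pos)  # version INTEGER
            tag, length, start = _tlv(buf, pos)        # name LDAPDN (OCTET STRING)
            if tag != 0x04:
                raise ValueError(f"expected OCTET STRING (0x04) at {pos}, got {tag:#x}")
            if start + length > len(buf):
                raise Truncated(start)
            info["bind_name"] = buf[start:start + length].decode("utf-8", "replace")
    except Truncated:
        info["truncated"] = True
    return info


def build_bind_request(message_id: int, version: int, name: str) -> bytes:
    """Constructed helper: encode a minimal simple-auth BindRequest (empty password)."""
    name_b = name.encode()
    bind = bytes([0x02, 1, version, 0x04, len(name_b)]) + name_b + bytes([0x80, 0])
    body = bytes([0x02, 1, message_id, 0x60, len(bind)]) + bind
    return bytes([0x30, len(body)]) + body


def explain(buf: bytes) -> str:
    """One-line verdict a practitioner can act on."""
    info = decode_ldap_prefix(buf)
    if info["kind"] == "tls-record":
        return "TLS handshake: the client is speaking ldaps, as a port-636 listener expects."
    if info["kind"] == "cleartext-ldap":
        return (f"cleartext LDAPv{info.get('ldap_version', '?')} {info.get('op', '?')} "
                "on a TLS listener: the client is using plain LDAP/STARTTLS against an ldaps port.")
    return "unrecognised first bytes"


if __name__ == "__main__":
    print(decode_ldap_prefix(TRACE_BYTES))
    print(explain(TRACE_BYTES))
    print(explain(TLS_HELLO_PREFIX))
```

For the trace bytes the decoder stops at the `0x04` tag because the length byte was never read, so it reports `truncated`, but it still recovers messageID 1, `bindRequest` and LDAP version 3, which is enough to show the client never attempted a TLS handshake. In Dovecot's LDAP configuration the two consistent choices are `tls = yes` against the plain port (STARTTLS) or an `ldaps://` URI via `uris`; combining port 636 with `tls = yes` gives exactly this failure.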