From: Liviu Daia (no email)
Date: Mon Mar 01 2004 - 08:20:06 EST
On 1 March 2004, Wietse Venema <> wrote:
> ----- Forwarded message from Joel CARNAT -----
>
> Subject: postfix don't connect to ldaps
>
>
> Hi,
>
> can have postfix connect to LDAP via SSL :/
> **************************************************************
> virtual_maps = ldap:aliases
>
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_maps = ldap:accounts
> virtual_minimum_uid = 101
> virtual_uid_maps = static:101
> virtual_gid_maps = static:101
>
> aliases_server_host = ldaps://hostname:636
> aliases_search_base = dc=hosting
> aliases_scope = sub
> aliases_version = 3
> aliases_bind_dn = cn=reader,dc=hosting
> aliases_bind_pw = XXX
> aliases_ldap_scope = sub
> aliases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
> aliases_result_attribute = maildrop
> aliases_bind = yes
> aliases_cache = no
> **************************************************************
> postmap: dict_ldap_connect: Connecting to server ldaps://hostname:636
> postmap: warning: dict_ldap_connect: Actual Protocol version used is 3.
> postmap: dict_ldap_connect: Binding to server ldaps://hostname:636 as dn cn=reader,dc=hosting
> postmap: warning: dict_ldap_connect: Unable to bind to server ldaps://hostname:636 as cn=reader,dc=hosting: 81 (Can't contact LDAP server)
> **************************************************************
>
> I actually see the connection accept on the slapd.log
> doing 'ldapsearch' with those values work
> ldd on postfix binaries show ssl and ldap linkings
>
> any idea of what I'm missing ?
The answer is in slapd's logs. Probably the SSL handshake is
failing. Point Postfix explicitly to the SSL client certificates.
Regards,
Liviu Daia
-- Dr. Liviu Daia e-mail: Institute of Mathematics web page: http://www.imar.ro/~daia of the Romanian Academy PGP key: http://www.imar.ro/~daia/daia.asc
|
|
|