NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2004-03

Re: Fw: postfix don't connect to ldaps (fwd)

From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Mon Mar 01 2004 - 07:20:06 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1 March 2004, Wietse Venema <wietseporcupine.org> wrote:
> ----- Forwarded message from Joel CARNAT -----
>
> Subject: postfix don't connect to ldaps
>
>
> Hi,
>
> can have postfix connect to LDAP via SSL :/
> **************************************************************
> virtual_maps = ldap:aliases
>
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_maps = ldap:accounts
> virtual_minimum_uid = 101
> virtual_uid_maps = static:101
> virtual_gid_maps = static:101
>
> aliases_server_host = ldaps://hostname:636
> aliases_search_base = dc=hosting
> aliases_scope = sub
> aliases_version = 3
> aliases_bind_dn = cn=reader,dc=hosting
> aliases_bind_pw = XXX
> aliases_ldap_scope = sub
> aliases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
> aliases_result_attribute = maildrop
> aliases_bind = yes
> aliases_cache = no
> **************************************************************
> postmap: dict_ldap_connect: Connecting to server ldaps://hostname:636
> postmap: warning: dict_ldap_connect: Actual Protocol version used is 3.
> postmap: dict_ldap_connect: Binding to server ldaps://hostname:636 as dn cn=reader,dc=hosting
> postmap: warning: dict_ldap_connect: Unable to bind to server ldaps://hostname:636 as cn=reader,dc=hosting: 81 (Can't contact LDAP server)
> **************************************************************
>
> I actually see the connection accept on the slapd.log
> doing 'ldapsearch' with those values work
> ldd on postfix binaries show ssl and ldap linkings
>
> any idea of what I'm missing ?

The answer is in slapd's logs. Probably the SSL handshake is
failing. Point Postfix explicitly to the SSL client certificates.

Regards,

Liviu Daia

--
Dr. Liviu Daia e-mail: Liviu.Daiaimar.ro
Institute of Mathematics web page: http://www.imar.ro/~daia
of the Romanian Academy PGP key: http://www.imar.ro/~daia/daia.asc

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]