postfix-users

Re: trouble with ldaps in ldap lookup map Victor Duchovni Fri Jun 26 11:00:41 2009

On Fri, Jun 26, 2009 at 11:50:12AM -0400, btb wrote:

> >cat virtual_mailbox_domains.cf
> version = 3
> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
> server_host = ldaps://ldap.example.com
> bind_dn = cn=postfix,ou=services,ou=accounts,dc=example,dc=com
> bind_pw = xxxxxxxxxxxxxx
> search_base = ou=domains,ou=mail,dc=example,dc=com
> query_filter = (&(objectClass=mailDomain)(host=%s)(description=virtual))
> result_attribute = description

Is /etc/ssl/certs/ca-certificates.crt a PEM file?

> testing with postmap returns:
> >postmap -q 'example.com' ldap:./virtual_mailbox_domains.cf
> postmap: warning: dict_ldap_set_tls_options: Unable to allocate new TLS 
> context -1: Can't contact LDAP server

Have you tried with "start_tls = yes" instead of "ldaps"?
Have you tried "debuglevel = 1", to see more verbose OpenLDAP logging?

Are you using GnuTLS or OpenSSL?

I don't see any code path in OpenLDAP 2.4.11 that wants a live server
connection for setting the per-connection TLS context. This call should
not be failing.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
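
One way to answer the first question in the reply above ("Is /etc/ssl/certs/ca-certificates.crt a PEM file?"), as an added example that is not part of the original message or of Postfix. The helper names are hypothetical; the script reads `tls_ca_cert_file` from an LDAP map file and classifies the file as PEM, DER or neither by its framing alone, without validating the certificates.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical helper names.

# Print the value of a "name = value" parameter in a Postfix lookup-table file.
cf_param() {  # usage: cf_param NAME FILE
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Classify a CA file by framing only; certificates are not validated.
# Prints one of: pem:<count>, pem-truncated, der, unknown, unreadable.
ca_file_format() {  # usage: ca_file_format FILE
    f=$1
    if [ ! -r "$f" ]; then echo unreadable; return 0; fi
    # grep -c exits 1 on zero matches, hence "|| true"
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$f" || true)
    if [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ]; then
        echo "pem:$begins"; return 0
    fi
    if [ "$begins" -ne "$ends" ]; then echo pem-truncated; return 0; fi
    # A DER certificate starts with an ASN.1 SEQUENCE, long-form length: 30 82
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    if [ "$magic" = 3082 ]; then echo der; else echo unknown; fi
}

# Exit status: 0 = PEM bundle, 1 = anything else, 2 = parameter not set.
check_ldap_map_ca() {  # usage: check_ldap_map_ca MAP.cf
    ca=$(cf_param tls_ca_cert_file "$1")
    if [ -z "$ca" ]; then echo "$1: tls_ca_cert_file not set"; return 2; fi
    fmt=$(ca_file_format "$ca")
    echo "$ca: $fmt"
    case $fmt in pem:*) return 0 ;; *) return 1 ;; esac
}

# Run against a map file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_ldap_map_ca "$1"; fi
```

A result of `der`, `pem-truncated` or `unknown` means the file should be converted or replaced before looking further into the TLS context warning.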