When setting e.g. LDAP_SERVER_HOST=ldaps://farafin.de:636, Dovecot can't authenticate any users (dovecot: auth: Error: LDAP: Can't connect to server: ldaps://example.org:636).
Context
I have an LDAP server that only allows TLS connections - the mailserver works great with that, except for IMAP (which fails with the above error message).
What is affected by this bug?
IMAP authentication
When does this occur?
When using LDAP over TLS (not STARTTLS!).
How do we replicate the issue?
- Set up an LDAP server with TLS
- Set LDAP_SERVER_HOST to ldaps://your-ldap-server-host:636
- Try to authenticate against the mailserver with correct credentials from the LDAP server
Actual Behavior
The authentication fails.
Expected behavior (i.e. solution)
The authentication succeeds.
Possible Solution
If the LDAP_SERVER_HOST contains ://, the Dovecot config (/etc/dovecot/dovecot-ldap.conf.ext) should use the uris instead of the hosts parameter (see https://doc.dovecot.org/configuration_manual/authentication/ldap/).
I'm using v7.0.0.
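The selection rule proposed under Possible Solution, sketched as an added shell example; it is not code from this report or from the project. The function names are hypothetical, and rejecting a value that mixes URIs with bare hosts is an added assumption.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.

# Print the server line for dovecot-ldap.conf.ext from an LDAP_SERVER_HOST value.
# Entries containing "://" are LDAP URIs and belong under "uris";
# bare host[:port] entries belong under "hosts".
# Fails (status 1) on an empty value or a mix of both styles (added check).
dovecot_ldap_server_line() (
  value=$1
  has_uri=0
  has_host=0
  set -f                      # split on whitespace without globbing
  for entry in $value; do
    case "$entry" in
      *://*) has_uri=1 ;;
      *)     has_host=1 ;;
    esac
  done
  # Exactly one style must be present: neither (empty) and both (mixed) fail.
  [ $((has_uri + has_host)) -eq 1 ] || return 1
  if [ "$has_uri" -eq 1 ]; then
    printf 'uris = %s\n' "$value"
  else
    printf 'hosts = %s\n' "$value"
  fi
)

# Filter: read a dovecot-ldap.conf.ext on stdin, drop any active hosts/uris
# line, and append the line that matches the given LDAP_SERVER_HOST value.
rewrite_dovecot_ldap_conf() (
  line=$(dovecot_ldap_server_line "$1") || return 1
  sed -E '/^[[:space:]]*(hosts|uris)[[:space:]]*=/d'
  printf '%s\n' "$line"
)

# Constructed sample config reproducing the failing setup from the report:
# an ldaps:// URI placed under "hosts".
sample_conf='hosts = ldaps://your-ldap-server-host:636
auth_bind = yes'
printf '%s\n' "$sample_conf" |
  rewrite_dovecot_ldap_conf 'ldaps://your-ldap-server-host:636'
```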