Miscellaneous first checks
Affected Component(s)
Docker container 10.4 with Dovecot + LDAPS
What happened and when does this occur?
I am seeing LDAPS connection errors from Dovecot with 10.4:
# /var/log/mail.log
Dec 25 09:23:17 mailserver-0 dovecot: imap-login: Aborted login (auth service reported temporary failure): user=<OMIT>, method=PLAIN, rip=10.0.10.1, lip=10.42.1.47, TLS, session=<Rxflee3TcOsKAAoB>
With "debug_level = -1" set in /etc/dovecot/dovecot-ldap.conf.ext:
# /var/log/mail.log
Dec 24 22:11:09 mailserver-0 dovecot: auth: Error: TLS: peer cert untrusted or revoked (0x42)
Dec 24 22:11:09 mailserver-0 dovecot: auth: Error: TLS: can't connect: (unknown error code).
Dec 24 22:11:09 mailserver-0 dovecot: auth: Error: LDAP: Can't connect to server: ldaps://<OMIT>
Dec 24 22:11:09 mailserver-0 dovecot: auth: Error: ldap_unbind
Taking a look at both 10.3 and 10.4, I found out that 10.4 is missing the "libldap-common" package which provides /etc/ldap/ldap.conf (and this package is present for 10.3). This file is *important* as it sets "TLS_CACERT /etc/ssl/certs/ca-certificates.crt", which is needed to look up (public) TLS certificates for LDAP lookups.
What did you expect to happen?
Dovecot + LDAPS connection should work, similar to DMS 10.3.
The "libldap-common" package needs to be added to Dockerfile for DMS 10.4.
Can someone please help to add this package?
How do we replicate the issue?
ENABLE_LDAP: "1"
LDAP_SERVER_HOST: ldaps://<OMIT>
LDAP_BIND_DN: <OMIT>
LDAP_SEARCH_BASE: <OMIT>
DOVECOT_AUTH_BIND: "yes"
DOVECOT_USER_FILTER: (&(objectClass=person)(mail=%u))
DOVECOT_USER_ATTRS: homeDirectory=home,=uid=5000,=gid=5000
DOVECOT_PASS_ATTRS: userPassword=password
DMS version
v10.4
What operating system is DMS running on?
Linux
What instruction set architecture is DMS running on?
ARM64 / ARM v8 (and newer)
What container orchestration tool are you using?
Kubernetes (not officially supported)
docker-compose.yml
No response
Relevant log output
No response
Other relevant information
#
# DMS 10.3
#
root@mailserver-0:/etc/ldap# ls
ldap.conf schema
root@mailserver-0:/etc/ldap# dpkg -S ldap.conf
libldap-common: /etc/ldap/ldap.conf
dovecot-ldap: /usr/share/dovecot/dovecot-ldap.conf.ext
libldap-common: /usr/share/man/man5/ldap.conf.5.gz
dovecot-ldap: /usr/share/dovecot/conf.d/auth-ldap.conf.ext
root@mailserver-0:/# cat /etc/debian_version
10.11
#
# DMS 10.4
#
root@mailserver-0:/etc/ldap# ls
schema
root@mailserver-0:/etc/ldap# dpkg -S ldap.conf
dovecot-ldap: /usr/share/dovecot/dovecot-ldap.conf.ext
dovecot-ldap: /usr/share/dovecot/conf.d/auth-ldap.conf.ext
root@mailserver-0:/# cat /etc/debian_version
11.2
What level of experience do you have with Docker and mail servers?
Code of conduct
Improvements to this form?
No response
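A check for the condition diagnosed in this report, as an added example that is not part of the original issue or of the docker-mailserver project. It assumes the Debian path /etc/ldap/ldap.conf named above; the function names and verdict strings are hypothetical. It also flags TLS_REQCERT never/allow, which would make the error disappear by switching certificate verification off rather than restoring the CA bundle.

```shell
#!/bin/sh
# Added example: audit the OpenLDAP client trust settings read from ldap.conf.
# Usage: check_ldap_tls_trust [path-to-ldap.conf]   (default: /etc/ldap/ldap.conf)
# Prints one verdict; returns 0 only when a CA bundle is configured and present
# and certificate verification has not been switched off.

# Print the value of an uncommented option (option names are case-insensitive).
# If the option is repeated, this helper reports the last occurrence.
ldap_conf_get() {
    awk -v key="$2" 'tolower($1) == tolower(key) { val = $2 } END { print val }' "$1"
}

check_ldap_tls_trust() {
    conf="${1:-/etc/ldap/ldap.conf}"
    if [ ! -f "$conf" ]; then
        echo "missing-conf"            # the state shown for the 10.4 image
        return 1
    fi
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    case "$reqcert" in
        never|allow)
            echo "verification-disabled"   # a bad server certificate is not rejected
            return 1 ;;
    esac
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    if [ -z "$cacert" ]; then
        echo "no-cacert"               # file exists but names no CA bundle
        return 1
    fi
    if [ ! -s "$cacert" ]; then
        echo "cacert-missing"          # bundle path is absent or empty
        return 1
    fi
    echo "ok"
}
```

Inside the container, `check_ldap_tls_trust` with no argument inspects /etc/ldap/ldap.conf; `dpkg -S ldap.conf`, as used in the report, shows which package owns the file.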