Hi, I'm using dovecot 2.2.9 (but after checking src/auth/db-ldap.c in 2.2.13 there seems to be the same bug/feature).
The userdb and passdb use LDAP. All further configuration is done in
auth-ldap.conf.ext.
uri = ldaps://<host>/
# tls =
tls_cert_file = /etc/ssl/certs/client-cert.pem
tls_key_file = /etc/ssl/certs/client-key.file
Dovecot ignores the tls_* options. If I use an ldap:// URI and
switch on TLS using tls=yes it works as expected.
But I do not see any reason why LDAPS should not read the tls_*
settings.
This small patch solved it for me:
--- dovecot-2.2.9/src/auth/db-ldap.c 2013-11-24 14:37:39.000000000 +0100
+++ dovecot-2.2.9.hs12/src/auth/db-ldap.c 2015-10-08 21:24:47.051446465
+0200
@@ -1043,7 +1043,7 @@
static void db_ldap_set_tls_options(struct ldap_connection *conn)
{
- if (!conn->set.tls)
+ if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0))
return;
#ifdef OPENLDAP_TLS_OPTIONS
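Review bot: the new condition only inspects the start of `conn->set.uris`, so if the value is a space-separated list of several URIs (or the connection was configured via `hosts` rather than `uris`, in which case `uris` may be empty), an `ldaps:` entry that is not first is still skipped, and `strncmp` is case-sensitive although URI schemes are not (`LDAPS://` would not match). Consider iterating over each URI in the list and comparing the scheme case-insensitively, e.g. with `strncasecmp(uri, "ldaps:", 6) == 0`, and guarding against a NULL/empty `uris`. Worth stating in the commit message that, as the report says, all `tls_*` settings were being ignored for `ldaps://` URIs, so whatever certificate and verification settings the administrator had configured were not applied to those connections before this change.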
It would be great if somebody could confirm this and if this or some equivalent patch could make it upstream.
Best regards from Dresden/Germany
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -