Hi Markus, hi list,
On 2026-03-30 12:15:15, markus-dovecot--- via dovecot wrote:
Unfortunately the upgrade to v2.4.3 broke the ldap connection.
I have configured an ldap connection like this:
```
ldap_uris = ldaps://xxx.com
ldap_auth_dn = uid=xxx,ou=general accounts,dc=xxx,dc=com
ldap_auth_dn_password = xxx
ldap_base = dc=xxx,dc=com
passdb ldap {
ldap_bind = yes
[...]
}
```
v2.4.3 cannot connect and says:
```
auth: Error: ldap(ldaps://xxx.com636): Can't connect to server: ldaps://xxx.com
```
Ldap server logs:
```
ACCEPT from IP=[XXX]:45674 (IP=[::]:636)
TLS established tls_ssf=256 ssf=256 tls_proto=TLS1.3 tls_cipher=AES-256-GCM
closed (connection lost)
```
Downgrade to dovecot v2.4.2 makes it work again.
Was there any ldap change in v2.4.3 that required a config change?
I had a similar error. In my case, dovecot was missing the CA certificate for the
cert of the LDAP server, as it was not included in the OS' ca-certificates bundle. I
fixed it in my case with:
```
ssl_client_ca_file = /path/to/ldapservers-ca-certificate.crt
```
Seems like dovecot did not check the CA signing the LDAP server's certificate before
2.4.3.
Best,
--
Patrick Cernko <[email protected]> +49 681 9325 5815
Joint Scientific IT and Technical Service
Max-Planck-Institute für Informatik & Softwaresysteme
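
An offline way to confirm the diagnosis in the reply above before editing the Dovecot config, given as an added example that is not part of the original post or of Dovecot. The helper names `chain_ok` and `make_demo_pki`, the host name `ldap.example.test` and all certificates are constructed for illustration; the throwaway CA stands in for a private CA that is absent from the OS bundle.

```shell
#!/bin/sh
# Added example; every name, path and certificate here is constructed.

# chain_ok CERT [CAFILE]
# Succeeds only if CERT chains to a trusted CA. Without CAFILE only OpenSSL's
# default trust store is consulted, the case where a private CA is missing
# from the OS bundle. With CAFILE, that file is trusted as well, which is
# what pointing ssl_client_ca_file at the CA certificate provides.
chain_ok() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify "$1" 2>/dev/null | grep -q ': OK$'
    fi
}

# make_demo_pki DIR: build a throwaway private CA, an unrelated CA, and a
# server certificate signed by the first CA (stand-in for the LDAP server).
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Unrelated CA" \
        -keyout "$1/other.key" -out "$1/other-ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null
    openssl x509 -req -in "$1/ldap.csr" -days 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/ldap.crt" 2>/dev/null
}

# Demo run: the same server certificate against three trust configurations.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for ca in "" "$demo_dir/other-ca.crt" "$demo_dir/ca.crt"; do
    if chain_ok "$demo_dir/ldap.crt" "$ca"; then
        verdict="verifies"
    else
        verdict="FAILS"
    fi
    echo "trust anchor '${ca:-system default only}': $verdict"
done
rm -rf "$demo_dir"
```

For a live server, save the certificate it presents (for example from `openssl s_client -connect <ldap-host>:636 -showcerts`) and pass that file as CERT together with the CA file you intend to configure.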