Hi Jim, No worries, understand your requirement to keep it confidential. Have you confirmed whether the CA certificate can be found/read?
Also wondering if you could perhaps just share the ldap configuration lines (cat imapd.conf | grep “ldap_”. I’m curious if you have ldap_start_tls: configured e.g have you tried toggling starttls no/yes direct tls/ssl and curious if ldap_servers: ldap://ldap.server or ldaps://ldap.server to see if behaviour changes with different combinations? Regards Andrew > On 22/06/2021, at 03:24, [email protected] wrote: > > > Hi Andrew, > I didn't have client certificate and key configured because I assumed > ptclient would be happy just verifying the server certificate (the CA cert > for it is installed and properly referenced in imapd.conf) the same as > saslauthd and lpadsearch manage with. The other parameters are all configured > and as far as I can see correct, i.e. the directory and file parameters point > to the correct directory and file for the CA certificate. > In case the client cert and key were needed, I tried initially with the > snakeoil cert and key (no difference) and then just in case that wasn't set > up as a client cert, I created a new request and generated a new > client/server certificate on my windows CA which I re-exported and is now in > the correct location and referenced properly in imapd.conf, but still no > change to how either ldaps, or starttls are failing. > > I could share the entire impad.conf, but it is debian based so has a lot of > comments and a lot of commented out options before you even get to the > authorization section and I will need to be really careful to modify anything > company specific, so I am trying not to share it, but will if it is the only > way. > > Thanks > Jim > Cyrus / Info / see discussions + participants + delivery options Permalink ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T1c604a219c5fa805-M9af3c6e3bcf2b0d9c03dcdc6 Delivery options: https://cyrus.topicbox.com/groups/info/subscription
