On 9/3/2010 4:16 PM, Victor Duchovni wrote:
Sorry, I went back and RTFM, and found that. "TLS certificate verification: Error, unable to get local issuer certificate" is my new debug error that I am using Google to find out best places to look. I have the site CA file listed in the config, etc, so I am not sure why I get this error.On Fri, Sep 03, 2010 at 04:07:13PM -0500, Seann wrote:Enable LDAP debugging to see more logging. The OpenLDAP library will return this error when the peer certificate CommonName does not match the hostname you specify, but there could be other errors.When I use the LDAPS URI, I get this: Sep 2 09:46:55 server postfix/postmap[4659]: warning: dict_ldap_connect: Unable to bind to server ldaps://AD.domain.net:636 as CN=admin,CN=Users, DC=domain,DC=net: -1 (Can't contact LDAP server)Is anyone home on port 636? Does "openssl s_client" work?Yes, there is a listener on 636, as I use it for other LDAPS queries. I haven't a clue how to turn on debuging for LDAP, is it the same flags as the main postfix system debugging?http://www.postfix.org/ldap_table.5.html describes the "debuglevel" parameter. The value "2" seems to be a useful level of LDAP verbosity.
smime.p7s
Description: S/MIME Cryptographic Signature
