Hello everyone,
First time posting here.
I am trying to use OpenLDAP and qmail-ldap to communicate via SSL.
Here's what I am trying to do:
I have qmail-ldap (LDAP client) running already, with the TLS/SSL patch for SMTP.
OpenLDAP (separate server) is also running, on ports 389 and 636 (TLS/SSL).
Since I have the OpenLDAP server as the backend authentication engine, qmail-ldap is basically doing a lookup for every POP3 session opened by the POP3 client. I can authenticate just fine if I use the default port 389 (plaintext), but qmail-popup generates an unknown error whenever I set /var/qmail/control/ldapserver to point to ldap.server.com:636 (also tried ldaps://ldap.server.com):
qldap_open: NOT successful: unknown error occured.
I am quite sure it has something to do with the qmail-ldap client's LDAP lookup involving TLS/SSL. I have tested port 636 on the OpenLDAP server by issuing the following command:
openssl s_client -connect ldap.server.com:636
and got a response:
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
<...output snipped...>
Key-Arg : None
Start Time: 1023393650
Timeout : 300 (sec)
Verify return code: 0 (ok)
which seems to be as expected.
ldapsearch -H ldap://ldap.server.com -x -b 'dc=mydomain,dc=com' '(objectclass=*)' -Z
and
ldapsearch -H ldaps://ldap.server.com -x -b 'dc=mydomain,dc=com' '(objectclass=*)'
work fine too from the qmail-ldap server to the OpenLDAP server.
Is there a tweak that I can do to enable TLS/SSL support on
/var/qmail/control/ldapserver ?
Or is this not supported at all in the current release?
I would appreciate any information that you can provide.
Thanks and have a good weekend.
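The three ways the post names the server (a bare ldap.server.com:636, an ldaps://ldap.server.com URL, and ldap:// with ldapsearch -Z for StartTLS) mean different things to a client: the URL scheme or the -Z flag says whether TLS is expected, while a bare host:port says nothing about it. The following is an added illustration, not code from qmail-ldap or OpenLDAP, and it does not claim to show how qldap_open actually reads /var/qmail/control/ldapserver. It parses a server specification under the usual conventions (ldap:// defaults to port 389, ldaps:// to 636, host:port carries no TLS intent) and flags the combinations that cannot work, such as a plaintext LDAP connection aimed at the ldaps port. The function and class names are mine; IPv6 literals are deliberately not handled.

```python
"""Classify an LDAP server specification and flag TLS/port mismatches.

Added example, not qmail-ldap or OpenLDAP code. Assumptions (labelled):
  - ldap://  with no explicit port means port 389, cleartext unless StartTLS
  - ldaps:// with no explicit port means port 636, TLS from the first byte
  - a bare "host" or "host:port" string says nothing about TLS at all
  - StartTLS (ldapsearch -Z) only makes sense on a plain ldap:// connection
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

LDAP_PORT = 389   # cleartext LDAP, may be upgraded with StartTLS
LDAPS_PORT = 636  # TLS-wrapped LDAP (ldaps)


@dataclass(frozen=True)
class LdapEndpoint:
    host: str
    port: int
    tls: str  # "none", "starttls" or "ldaps"


def parse_ldap_server(spec: str, starttls: bool = False) -> LdapEndpoint:
    """Turn 'host', 'host:port', 'ldap://...' or 'ldaps://...' into an endpoint.

    starttls mirrors ldapsearch's -Z: upgrade a plain connection after connect.
    """
    spec = spec.strip()
    plain_mode = "starttls" if starttls else "none"

    if "://" in spec:
        url = urlsplit(spec)
        scheme = url.scheme.lower()
        if not url.hostname:
            raise ValueError(f"no host in {spec!r}")
        if scheme == "ldaps":
            if starttls:
                raise ValueError("StartTLS cannot be layered on an ldaps:// session")
            return LdapEndpoint(url.hostname, url.port or LDAPS_PORT, "ldaps")
        if scheme == "ldap":
            return LdapEndpoint(url.hostname, url.port or LDAP_PORT, plain_mode)
        raise ValueError(f"unsupported scheme {scheme!r} in {spec!r}")

    # Bare host or host:port (no scheme): no TLS information is carried at all.
    host, sep, port = spec.rpartition(":")
    if not sep:
        return LdapEndpoint(spec, LDAP_PORT, plain_mode)
    if not host or not port.isdigit():
        raise ValueError(f"malformed host:port {spec!r}")
    return LdapEndpoint(host, int(port), plain_mode)


def check_endpoint(ep: LdapEndpoint) -> list[str]:
    """Return human-readable warnings for combinations that cannot work or are unsafe."""
    warnings = []
    if ep.tls == "none" and ep.port == LDAPS_PORT:
        warnings.append(
            f"cleartext LDAP to {ep.host}:{ep.port}: an ldaps listener expects a "
            "TLS ClientHello, so the first LDAP PDU is rejected (plain connect to 636 fails)"
        )
    if ep.tls == "ldaps" and ep.port == LDAP_PORT:
        warnings.append(
            f"TLS handshake to {ep.host}:{ep.port}: a cleartext listener expects an "
            "LDAP PDU, not a ClientHello"
        )
    if ep.tls == "none":
        warnings.append(f"bind credentials to {ep.host}:{ep.port} travel in clear")
    return warnings


if __name__ == "__main__":
    # Constructed inputs matching the forms used in the post above.
    for spec, z in [("ldap.server.com:636", False),
                    ("ldaps://ldap.server.com", False),
                    ("ldap://ldap.server.com", True)]:
        ep = parse_ldap_server(spec, starttls=z)
        print(f"{spec!r:30} -> {ep}")
        for w in check_endpoint(ep):
            print("   WARNING:", w)
```

Running it shows the difference between the two settings the post tried: ldaps://ldap.server.com resolves to port 636 with TLS from the first byte and draws no warning, whereas the bare ldap.server.com:636 form resolves to the same port with no TLS intent and is flagged, because a client that treats the control value as host:port only has no way to know it should start a TLS handshake there.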