> This is hopefully a simple question, but I've been up all night working
> on it and haven't gotten anywhere.
>
> I have a running ldap server using ssl on port 636. I know it is working
> as I have pam and samba authenticating against it.
>
> When I set ldapserver to 127.0.0.1, qmail fails with deferral:
> Unable_to_contact_LDAP_server_(bad_server_address_or_server_down?)._(LDAP-ERR_#205)
> As nothing is telling qmail-ldap to use ssl, this seems correct. When I
> set ldapserver to ldaps://127.0.0.1:636, as in my openldap ldap.conf, I
> get the same error.
>
> However, when I set ldapserver to ldaps://127.0.0.1, I don't get a
> connect error, I get deferral: qmail-local_crashed./
>
> In an effort to debug this I copied /var/qmail/bin/qmail-local to another
> file and replaced it with a script that logged the command line arguments
> passed to it. The script wasn't run. I also tried replacing
> /var/qmail/bin/qmail-local with a copy of /bin/true. The logger reported
> that true (qmail-local) crashed. This leads me to believe that qmail-local
> isn't crashing, but whatever calls it is crashing and reporting as
> qmail-local.
>
> So, is ldaps://127.0.0.1 correct? If not what should I do? If it is how
> can I beat more information out of qmail to find out what is crashing?
>
> Please respond directly to me, the mail server I'm sending this from
> won't accept the reply address ezmlm sent me. I would use my server to
> reply, but it's not working.

Two things. Why are you trying to use SSL on the loopback interface? The OpenLDAP client library tries to verify the server's hostname in an SSL connection by default. It fails to connect to an incorrect ldaps URL. The LDAP server's hostname must match the hostname in the server's certificate.

--
Tomas
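
Added example (not part of the thread and not OpenLDAP's own code): a simplified Python model of the certificate name check described in the reply above, showing why an ldaps URL that names 127.0.0.1 does not match a certificate issued for a hostname. The certificate contents and the name ldap.example.com are constructed placeholders, and the matching rules are a simplification of what a TLS client library does.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# ldap.example.com is a placeholder name, not taken from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"), ("DNS", "*.dir.example.com")),
}

def host_from_url(url):
    """Return the host part of an ldap:// or ldaps:// URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("not an LDAP URL: %r" % url)
    return parts.hostname

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, host):
    """True if the certificate names the host the client was told to contact."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only satisfied by an iPAddress SAN entry.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if not dns:  # legacy fallback: subject commonName when no dNSName SAN exists
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
    return any(_dns_match(p, host) for p in dns)

def check_url(cert, url):
    """Check the host named in an LDAP URL against the certificate."""
    return cert_matches(cert, host_from_url(url))
```

In this model the URL passes only when it uses a name the certificate carries, or when the certificate includes an iPAddress entry for the address in the URL.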
