When trying a secure LDAP (works fine without TLS/SSL) connection, it fails with "Unable to bind to server" on the postmap end, and "TLS negotiation failure" on the OpenLDAP end.
Using ldapsearch from the postfix host succeeds with both SSL and TLS. So does "openssl s_client". All the certificates are up to date and correspond to the host and URLs. So it's not a problem with TLS or SSL on the OpenLDAP or postfix host, just the combination of postfix to OpenLDAP.

-------------------------------------------------------------------------------
root@cor[/etc/postfix]# postmap -v -q "[email protected]" ldap:/etc/postfix/virtual_mailbox_domains.cf
postmap: name_mask: all
postmap: inet_addr_local: configured 2 IPv4 addresses
postmap: inet_addr_local: configured 3 IPv6 addresses
postmap: dict_ldap_open: Using LDAP source /etc/postfix/virtual_mailbox_domains.cf
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: server_host = ldaps://ldap.redacted.com
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: server_port = 636
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: version = 3
postmap: dict_ldap_open: /etc/postfix/virtual_mailbox_domains.cf server_host URL is ldaps://ldap.redacted.com
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: scope = one
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: search_base = ou=groups,dc=redacted,dc=com
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: timeout = 5
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: query_filter = (&(objectClass=organizationalUnit)(ou=%s))
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: result_format = %S
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: domain =
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: terminal_result_attribute =
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: leaf_result_attribute =
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: result_attribute = ou
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: special_result_attribute =
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: bind = yes
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: bind_dn = cn=postfix,ou=apps,dc=redacted,dc=com
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: bind_pw = redacted
postmap: cfg_get_bool: /etc/postfix/virtual_mailbox_domains.cf: cache = off
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: cache_expiry = -1
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: cache_size = -1
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: recursion_limit = 1000
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: expansion_limit = 0
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: size_limit = 0
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: dereference = 0
postmap: cfg_get_bool: /etc/postfix/virtual_mailbox_domains.cf: chase_referrals = off
postmap: cfg_get_bool: /etc/postfix/virtual_mailbox_domains.cf: start_tls = off
postmap: cfg_get_bool: /etc/postfix/virtual_mailbox_domains.cf: tls_require_cert = off
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: tls_ca_cert_file = /etc/letsencrypt/live/cor.redacted.com/fullchain.pem
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: tls_ca_cert_dir =
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: tls_cert = /etc/letsencrypt/live/cor.redacted.com/cert.pem
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: tls_key = /etc/letsencrypt/live/cor.redacted.com/privkey.pem
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: tls_random_file =
postmap: cfg_get_str: /etc/postfix/virtual_mailbox_domains.cf: tls_cipher_suite = ALL
postmap: cfg_get_int: /etc/postfix/virtual_mailbox_domains.cf: debuglevel = 0
postmap: dict_open: ldap:/etc/postfix/virtual_mailbox_domains.cf
postmap: dict_ldap_lookup: In dict_ldap_lookup
postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/virtual_mailbox_domains.cf, reopening
postmap: dict_ldap_connect: Connecting to server ldaps://ldap.redacted.com
postmap: dict_ldap_connect: Actual Protocol version used is 3.
postmap: dict_ldap_connect: Binding to server ldaps://ldap.redacted.com with dn cn=postfix,ou=apps,dc=redacted,dc=com
postmap: warning: dict_ldap_connect: Unable to bind to server ldaps://ldap.redacted.com with dn cn=postfix,ou=apps,dc=redacted,dc=com: -1 (Can't contact LDAP server)
postmap: fatal: table ldap:/etc/postfix/virtual_mailbox_domains.cf: query error: Application error
-------------------------------------------------------------------------------

I have full logging set up but cannot see what the issue is. Any ideas?

_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
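An added example, not from the post or from Postfix: a small Python lint for the TLS-related parameters of a Postfix ldap table file, run over a constructed .cf that mirrors the values postmap -v printed above. It flags what a reviewer would check on the client side before chasing the server: tls_require_cert left off (the server certificate is never verified), start_tls set on an ldaps:// URL, a client cert without its key, and a tls_ca_cert_file stored beside the client's own certificate, which may not contain the CA that issued the LDAP server's certificate. The finding codes and the heuristics are the example's own.

```python
import os
from urllib.parse import urlsplit

# Constructed sample: the parameter values that postmap -v printed in the post above
SAMPLE_CF = """\
server_host = ldaps://ldap.redacted.com
bind = yes
bind_dn = cn=postfix,ou=apps,dc=redacted,dc=com
bind_pw = redacted
start_tls = off
tls_require_cert = off
tls_ca_cert_file = /etc/letsencrypt/live/cor.redacted.com/fullchain.pem
tls_cert = /etc/letsencrypt/live/cor.redacted.com/cert.pem
tls_key = /etc/letsencrypt/live/cor.redacted.com/privkey.pem
"""

YES = ("yes", "on", "true", "1")  # spellings accepted here for a boolean parameter

def parse_cf(text):
    """Parse Postfix 'key = value' lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def lint_tls(cfg):
    """Return finding codes (this example's own names) for the table's TLS settings."""
    findings = []
    scheme = urlsplit(cfg.get("server_host", "")).scheme
    start_tls = cfg.get("start_tls", "no").lower() in YES
    if scheme == "ldaps" and start_tls:
        findings.append("START_TLS_ON_LDAPS")  # STARTTLS inside an already-encrypted session
    if scheme == "ldaps" or start_tls:
        if cfg.get("tls_require_cert", "no").lower() not in YES:
            findings.append("SERVER_CERT_UNVERIFIED")  # server identity is never checked
    if bool(cfg.get("tls_cert")) != bool(cfg.get("tls_key")):
        findings.append("CLIENT_CERT_INCOMPLETE")  # cert without key, or key without cert
    ca, cert = cfg.get("tls_ca_cert_file", ""), cfg.get("tls_cert", "")
    if ca and cert and os.path.dirname(ca) == os.path.dirname(cert):
        # Heuristic: a CA bundle stored beside the client's own cert is often the client's
        # chain, not the CA that issued the LDAP *server's* certificate; verify its contents.
        findings.append("CA_FILE_BESIDE_CLIENT_CERT")
    return findings

if __name__ == "__main__":
    print(lint_tls(parse_cf(SAMPLE_CF)))
```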
