On Fri, Jun 26, 2009 at 11:50:12AM -0400, btb wrote:

> >cat virtual_mailbox_domains.cf
> version = 3
> tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
> server_host = ldaps://ldap.example.com
> bind_dn = cn=postfix,ou=services,ou=accounts,dc=example,dc=com
> bind_pw = xxxxxxxxxxxxxx
> search_base = ou=domains,ou=mail,dc=example,dc=com
> query_filter = (&(objectClass=mailDomain)(host=%s)(description=virtual))
> result_attribute = description

Is /etc/ssl/certs/ca-certificates.crt a PEM file?

> testing with postmap returns:
>
> >postmap -q 'example.com' ldap:./virtual_mailbox_domains.cf
> postmap: warning: dict_ldap_set_tls_options: Unable to allocate new TLS
> context -1: Can't contact LDAP server

Have you tried with "start_tls = yes" instead of "ldaps"?

Have you tried "debuglevel = 1", to see more verbose OpenLDAP logging?

Are you using GnuTLS or OpenSSL?

I don't see any code path in OpenLDAP 2.4.11 that wants a live server
connection for setting the per-connection TLS context. This call should
not be failing.

-- 
Viktor.