Hi,

When receiving a mail we look up in LDAP where the mail needs to go. This works fine for a simple unsecured LDAP connection, but when I try to enable start_tls I consistently receive this error when receiving a mail:

warning: dict_ldap_set_tls_options: Unable to allocate new TLS context -1: Can't contact LDAP server

However, it does seem to work fine when I manually run it with postmap on the commandline. In that case I can see the connection to the LDAP server being set up with wireshark and the switching to STARTTLS. It seems only the postfix process itself cannot connect. I tried the same thing while using the postfix user to make sure it's not a permission issue but postmap also works fine in that case.

I have set debuglevel=2 in the postmap configuration and this is the result:

Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 220 2.0.0 Ready to start TLS
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: auto_clnt_open: connected to private/tlsmgr
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: send attr request = seed
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: send attr size = 32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/tlsmgr: wanted attribute: status
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: status
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute value: 0
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/tlsmgr: wanted attribute: seed
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: seed
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute value: dLn7VEk4sAJmrFsCDTlm+nyNc3/NdMoKC5ZS/Bejdso=
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/tlsmgr: wanted attribute: (list terminator)
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: (end)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: Anonymous TLS connection established from mail-wi0-f171.google.com[209.85.212.171]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: name_mask: noanonymous
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: EHLO mail-wi0-f171.google.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-PIPELINING
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-SIZE 20480000
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-VRFY
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-ETRN
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-AUTH PLAIN LOGIN
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-ENHANCEDSTATUSCODES
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-8BITMIME
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250 DSN
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: MAIL FROM:<frederic...@gmail.com> SIZE=1470
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: extract_addr: input: <frederic...@gmail.com>
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: smtpd_check_addr: addr=frederic...@gmail.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: ctable_locate: move existing entry key frederic...@gmail.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: extract_addr: in: <frederic...@gmail.com>, result: frederic...@gmail.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: smtpd_check_rewrite: trying: permit_inet_interfaces
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: permit_inet_interfaces: mail-wi0-f171.google.com 209.85.212.171
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: fsspace: .: block size 4096, blocks free 8687103
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: smtpd_check_queue: blocks 4096 avail 8687103 min_free 0 msg_size_limit 20480000
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250 2.1.0 Ok
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: RCPT TO:<f...@uat.escaux.com>
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: extract_addr: input: <f...@uat.escaux.com>
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: smtpd_check_addr: addr=f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: ctable_locate: move existing entry key f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: extract_addr: in: <f...@uat.escaux.com>, result: f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: >>> START Recipient address RESTRICTIONS <<<
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=permit_mynetworks
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: permit_mynetworks: mail-wi0-f171.google.com 209.85.212.171
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 127.0.0.1/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 127.0.0.1/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 213.246.219.73/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 213.246.219.73/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 10.0.0.102/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 10.0.0.102/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=permit_mynetworks status=0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=permit_sasl_authenticated
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=permit_sasl_authenticated status=0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=reject_unauth_destination
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: reject_unauth_destination: f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: permit_auth_destination: f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: ctable_locate: leave existing entry key f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=reject_unauth_destination status=0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=check_policy_service
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr request = smtpd_access_policy
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: connection established
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: master_notify: status 0
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: name_mask: resource
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: name_mask: software
Aug 11 19:33:29 ict005 postfix/smtpd[3238]: proxymap stream disconnect
Aug 11 19:33:29 ict005 postfix/smtpd[3238]: auto_clnt_close: disconnect private/tlsmgr stream
Aug 11 19:33:29 ict005 postfix/smtpd[3238]: rewrite stream disconnect
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: connect from mail-wi0-f171.google.com[209.85.212.171]
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: smtp_stream_setup: maxtime=300 enable_deadline=0
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 127.0.0.1/32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 127.0.0.1/32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 213.246.219.73/32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 213.246.219.73/32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 10.0.0.102/32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 10.0.0.102/32
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: send attr request = connect
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: send attr ident = smtp:209.85.212.171
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/anvil: wanted attribute: status
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: status
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute value: 0
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/anvil: wanted attribute: count
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: count
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute value: 1
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/anvil: wanted attribute: rate
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: rate
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute value: 1
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: private/anvil: wanted attribute: (list terminator)
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: input attribute name: (end)
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 220 uat.escaux.com ESMTP Postfix (Debian/GNU)
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: EHLO mail-wi0-f171.google.com
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-uat.escaux.com
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-PIPELINING
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-SIZE 20480000
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-VRFY
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-ETRN
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-STARTTLS
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-ENHANCEDSTATUSCODES
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250-8BITMIME
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 250 DSN
Aug 11 19:33:29 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: STARTTLS
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr protocol_state = RCPT
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr protocol_name = ESMTP
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr client_address = 209.85.212.171
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr client_name = mail-wi0-f171.google.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr reverse_client_name = mail-wi0-f171.google.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr helo_name = mail-wi0-f171.google.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr sender = frederic...@gmail.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr recipient = f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr recipient_count = 0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr queue_id =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr instance = ca2.55ca31ea.c803.0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr size = 1470
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr etrn_domain =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr stress =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr sasl_method =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr sasl_username =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr sasl_sender =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr ccert_subject =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr ccert_issuer =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr ccert_fingerprint =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr ccert_pubkey_fingerprint =
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr encryption_protocol = TLSv1.2
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr encryption_cipher = ECDHE-RSA-AES128-GCM-SHA256
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr encryption_keysize = 128
Aug 11 19:33:30 ict005 postgrey[3190]: action=pass, reason=client whitelist, client_name=mail-wi0-f171.google.com, client_address=209.85.212.171, sender=frederic...@gmail.com, recipient=f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: 127.0.0.1:10023: wanted attribute: action
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: input attribute name: action
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: input attribute value: DUNNO
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: 127.0.0.1:10023: wanted attribute: (list terminator)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: input attribute name: (end)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: check_table_result: inet:127.0.0.1:10023 DUNNO policy query
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: generic_checks: name=check_policy_service status=0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: >>> END Recipient address RESTRICTIONS <<<
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: >>> CHECKING RECIPIENT MAPS <<<
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: ctable_locate: leave existing entry key f...@uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: recipient_canonical_maps: f...@uat.escaux.com: not found
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: recipient_canonical_maps: fes: not found
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: recipient_canonical_maps: @uat.escaux.com: not found
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: mail_addr_find: f...@uat.escaux.com -> (not found)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: canonical_maps: f...@uat.escaux.com: not found
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: canonical_maps: fes: not found
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: canonical_maps: @uat.escaux.com: not found
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: mail_addr_find: f...@uat.escaux.com -> (not found)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: dict_ldap_lookup: In dict_ldap_lookup
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_string: uat.escaux.com ~? uat.escaux.com
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-account.cf, reopening
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: dict_ldap_connect: Connecting to server ldap://127.0.0.1
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: dict_ldap_connect: Actual Protocol version used is 3.
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: warning: dict_ldap_set_tls_options: Unable to allocate new TLS context -1: Can't contact LDAP server
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: warning: ldap:/etc/postfix/ldap-account.cf lookup error for "f...@uat.escaux.com"
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: virtual_alias_maps: f...@uat.escaux.com: search aborted
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: mail_addr_find: f...@uat.escaux.com -> (try again)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: NOQUEUE: reject: RCPT from mail-wi0-f171.google.com[209.85.212.171]: 451 4.3.0 <f...@uat.escaux.com>: Temporary lookup failure; from=<frederic...@gmail.com> to=<f...@uat.escaux.com> proto=ESMTP helo=<mail-wi0-f171.google.com>
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 451 4.3.0 <f...@uat.escaux.com>: Temporary lookup failure
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: DATA
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 554 5.5.1 Error: no valid recipients
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: < mail-wi0-f171.google.com[209.85.212.171]: QUIT
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: > mail-wi0-f171.google.com[209.85.212.171]: 221 2.0.0 Bye
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 127.0.0.1/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 127.0.0.1/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostname: mail-wi0-f171.google.com ~? 213.246.219.73/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_hostaddr: 209.85.212.171 ~? 213.246.219.73/32
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_list_match: mail-wi0-f171.google.com: no match
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: match_list_match: 209.85.212.171: no match
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr request = disconnect
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: send attr ident = smtp:209.85.212.171
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: private/anvil: wanted attribute: status
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: input attribute name: status
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: input attribute value: 0
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: private/anvil: wanted attribute: (list terminator)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: input attribute name: (end)
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: disconnect from mail-wi0-f171.google.com[209.85.212.171]
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: master_notify: status 1
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: connection closed

I'm using Debian Wheezy with postfix 2.9.6-2 and openldap 2.4.31-2

Here's one of the configuration files:

server_host = ldap://127.0.0.1
#server_host = ldapi:///var/run/ldapi
server_port = 389
start_tls = yes
tls_ca_cert_file = /etc/postfix/escaux-ict-ca.pem
tls_require_cert = yes
tls_cipher_suite = SECURE256
debuglevel = 2
version = 3
search_base = ou=People,dc=escaux,dc=com
scope = sub
# we search through the Users base for the recipient email address (%s)
query_filter = (|(mail=%u@*)(mailLocalAddress=%u@*))
domain = uat.escaux.com, uat.fuzer.net
# if we find anything under ou=Users,dc=domain,dc=tld, we deliver to the account specified under "uid"
# so basically, if we send an email to john....@domain.tld, we will find an entry, finally delivering the email to uid username1
result_attribute = uid

If I leave out the tls_cipher_suite statement, nothing changes. No attempt to connect to the LDAP server is ever made. Does anybody have an idea what I may be doing wrong?

Cheers,
Frederic
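
Added example, not part of the original post: a small Python correlator that ties a `dict_ldap_*` warning to the map lookup error and the resulting 451 deferral inside one smtpd process, so LDAP/TLS lookup failures like the one in this log can be picked out of verbose output and alerted on. The sample lines are copied from the log above (addresses elided as posted); the function name, regexes and record fields are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post above; smtpd[3238] is an unrelated process.
SAMPLE_LOG = """\
Aug 11 19:33:29 ict005 postfix/smtpd[3238]: proxymap stream disconnect
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: dict_ldap_connect: Connecting to server ldap://127.0.0.1
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: warning: dict_ldap_set_tls_options: Unable to allocate new TLS context -1: Can't contact LDAP server
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: warning: ldap:/etc/postfix/ldap-account.cf lookup error for "f...@uat.escaux.com"
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: maps_find: virtual_alias_maps: f...@uat.escaux.com: search aborted
Aug 11 19:33:30 ict005 postfix/smtpd[3234]: NOQUEUE: reject: RCPT from mail-wi0-f171.google.com[209.85.212.171]: 451 4.3.0 <f...@uat.escaux.com>: Temporary lookup failure; from=<frederic...@gmail.com> to=<f...@uat.escaux.com> proto=ESMTP helo=<mail-wi0-f171.google.com>
"""

SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Warning raised inside the LDAP table driver (the underlying cause).
LDAP_WARN = re.compile(r"^warning: (dict_ldap_\w+): (.*)$")
# Generic "this map failed" warning that names the table and the lookup key.
MAP_ERR = re.compile(r'^warning: (?P<map>\w+:\S+) lookup error for "(?P<key>[^"]*)"$')
# The client-visible effect: a 4xx deferral of the recipient.
REJECT = re.compile(
    r"^NOQUEUE: reject: RCPT from \S+: (?P<code>4\d\d) \S+ "
    r"<(?P<rcpt>[^>]*)>: Temporary lookup failure"
)


def correlate(lines):
    """Return one record per deferral that follows a map lookup error in the same PID."""
    pending = defaultdict(dict)  # pid -> cause and failing map seen so far
    incidents = []
    for line in lines:
        m = SYSLOG.match(line.rstrip("\n"))
        if not m:
            continue  # not a Postfix daemon line (e.g. postgrey)
        pid, msg = m["pid"], m["msg"]
        state = pending[pid]
        if (w := LDAP_WARN.match(msg)):
            state["cause"] = f"{w[1]}: {w[2]}"
        elif (e := MAP_ERR.match(msg)):
            state["map"], state["key"] = e["map"], e["key"]
        elif (r := REJECT.match(msg)) and "map" in state:
            incidents.append({
                "time": m["ts"], "daemon": m["daemon"], "pid": pid,
                "code": r["code"], "recipient": r["rcpt"],
                "map": state["map"], "cause": state.get("cause", "unknown"),
            })
            pending.pop(pid)  # start fresh for the next recipient
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_LOG.splitlines()):
        print(incident)
```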