Hi, I have configured postfix to work with openldap server for lookups. main.cf configuration is as below:

##################################################
virtual_mailbox_domains=1CorpHQ.tcs.mil.in
virtual_mailbox_base=/var/mail/vmail
virtual_mailbox_maps=ldap:/etc/postfix/virtual_mailbox_ssl_ldapusers
virtual_alias_maps=ldap:/etc/postfix/virtual_alias_map_ssl_ldapusers, ldap:/etc/postfix/ldapdistlist_ssl.cf
virtual_minimum_uid=1000
virtual_uid_maps=static:6000
virtual_gid_maps=static:6000
######################################################

VIRTUAL_ALIAS_MAP_SSL_LDAPUSERS FILE IS AS BELOW:

server_host = ldap://1CorpHQ:389
#server_port = 389
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/postfix/new_certs_/ca_cert_ldap.pem
bind = yes
bind_dn = cn=admin,dc=tcs,dc=mil,dc=in
bind_pwd = tcsmsg
version = 3
search_base = dc=tcs,dc=mil,dc=in
scope = sub
timeout = 5
query_filter = uid=%u
result_attribute = mailHost
debuglevel = 1

But when I'm sending mail, postfix is not able to contact the directory server. The log is as follows:

Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: initializing the server-side TLS engine
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: connect from unknown[201.123.80.7]
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: setting up TLS connection from unknown[201.123.80.7]
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: unknown[201.123.80.7]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:before/accept initialization
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client hello A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write server hello A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write certificate A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write key exchange A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write server done A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read client key exchange A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 read finished A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write change cipher spec A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 write finished A
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: SSL_accept:SSLv3 flush data
Sep 6 17:02:50 1CorpHQ postfix/smtpd[28812]: Anonymous TLS connection established from unknown[201.123.80.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_create
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_url_parse_ext(ldap://1CorpHQ:389)
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_extended_operation_s
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_extended_operation
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_send_initial_request
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_new_connection 1 1 0
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_open_connection
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_connect_to_host: TCP 1CorpHQ:389
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_new_socket: 13
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_prepare_socket: 13
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_connect_to_host: Trying 127.0.0.1:389
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_pvt_connect: fd: 13 tm: 5 async: 0
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_ndelay_on: 13
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: attempting to connect:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: connect errno: 115
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_poll: fd: 13 tm: 5
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_is_sock_ready: 13
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_ndelay_off: 13
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_pvt_connect: 0
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_open_defconn: successful
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_send_server_request
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({it) ber:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({) ber:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_flush2: 31 bytes to sd 13
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_result ld 0xc7e2c0 msgid 1
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: wait4msg ld 0xc7e2c0 msgid 1 (infinite timeout)
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: wait4msg continue ld 0xc7e2c0 msgid 1 all 1
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ** ld 0xc7e2c0 Connections:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: * host: 1CorpHQ port: 389 (default)
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: refcnt: 2 status: Connected
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: last used: Wed Sep 6 17:02:50 2017
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ** ld 0xc7e2c0 Outstanding Requests:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: * msgid 1, origid 1, status InProgress
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: outstanding referrals 0, parent count 0
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ld 0xc7e2c0 request count 1 (abandoned 0)
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ** ld 0xc7e2c0 Response Queue:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: Empty
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ld 0xc7e2c0 response count 0
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_chkResponseList ld 0xc7e2c0 msgid 1 all 1
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_chkResponseList returns ld 0xc7e2c0 NULL
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_int_select
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: read1msg: ld 0xc7e2c0 msgid 1 all 1
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_get_next
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_get_next: tag 0x30 len 12 contents:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: read1msg: ld 0xc7e2c0 msgid 1 message type extended-result
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: read1msg: ld 0xc7e2c0 0 new referrals
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: read1msg: mark request completed, ld 0xc7e2c0 msgid 1
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: request done: ld 0xc7e2c0 msgid 1
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_parse_extended_result
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_parse_result
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ber_scanf fmt (}) ber:
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_msgfree
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: could not read certificate file /etc/postfix/new_certs_/ca_cert_ldap.pem - error -5966:Access Denied.
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: /etc/postfix/new_certs_/ca_cert_ldap.pem is not a valid CA certificate file - error -5966:Access Denied.
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: could not perform TLS system initialization.
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: error: could not initialize moznss security context - error -5966:Access Denied
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: TLS: can't create ssl handle.
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: dict_ldap_debug: ldap_err2string
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Sep 6 17:02:50 1CorpHQ postfix/trivial-rewrite[28815]: warning: ldap:/etc/postfix/virtual_alias_map_ssl_ldapusers: table lookup problem

The log is telling that the CA certificate (which is a self-signed certificate) of the ldap server is not valid. But I have written C code to search the ldap server, which is using the same CA certificate, and it is getting executed without any error. Please find the attached ldap CA file. Please let me know where I am going wrong. Thanks in advance.
--
Thanks & Regards
Hyndavi rapuru
Member (Research Staff)
Central Research Laboratory
Bharat Electronics Ltd
Jalahalli
Bangalore - 560 013
Int Ph No: 134
Off Ph No: 080-28381125
Off Fax No: 28381168

Every 3000 Sheets of paper costs us a tree.. Save trees... Conserve Trees. Don't print this email or any Files unless you really need to!!!!

Confidentiality Notice
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Bharat Electronics or supp...@bel.co.in immediately and destroy all copies of this message and any attachments.

Attachment: ca_cert_ldap.pem (application/x509-ca-cert)
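The TLS lines in the log say the trivial-rewrite process got "Access Denied" opening the CA file, while a C program run by hand loads the same file. A Postfix lookup runs as the unprivileged postfix user, possibly chrooted, so one check worth making is whether that identity can traverse every directory down to the file and read it, and whether the file holds a PEM block at all. The script below is an added example, not from the post or from Postfix; the throw-away chroot, the dummy PEM and the uid/gid 65534 stand-in for the postfix user are constructed.

```python
import os
import tempfile

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
CA_PATH = "/etc/postfix/new_certs_/ca_cert_ldap.pem"  # tls_ca_cert_file from the post
READ = (0o400, 0o040, 0o004)  # (owner, group, other) read bits
SEARCH = (0o100, 0o010, 0o001)  # (owner, group, other) execute/search bits

def _allowed(st, uid, gid, bits):  # classic Unix mode check; root bypasses mode bits
    bit = bits[0] if st.st_uid == uid else bits[1] if st.st_gid == gid else bits[2]
    return uid == 0 or bool(st.st_mode & bit)

def check_ca_file(path, uid, gid, chroot=None):
    """Reasons uid/gid could not load `path` ([] = should work). With `chroot`, the path
    is resolved inside that directory, as a chrooted Postfix daemon would see it."""
    real = os.path.join(chroot, path.lstrip("/")) if chroot else path
    if not os.path.exists(real):
        return [f"{path}: missing" + (f" inside chroot {chroot}" if chroot else "")]
    problems, cur = [], chroot or "/"
    for part in os.path.relpath(os.path.dirname(real), cur).split(os.sep):
        cur = os.path.join(cur, part)  # every directory on the way needs the x bit
        if not _allowed(os.stat(cur), uid, gid, SEARCH):
            problems.append(f"{cur}: directory not searchable by uid {uid}")
    st = os.stat(real)
    if not _allowed(st, uid, gid, READ):
        problems.append(f"{real}: mode {oct(st.st_mode & 0o777)} not readable by uid {uid}")
    try:  # it must also hold a PEM block: DER, a private key or an empty file fail here
        with open(real, "rb") as fh:
            if PEM_MARKER not in fh.read():
                problems.append(f"{real}: no PEM certificate block found")
    except OSError as exc:
        problems.append(f"{real}: cannot read to validate PEM ({exc.strerror})")
    return problems

def build_sample_chroot(file_mode):
    """Constructed fixture: throw-away chroot holding a dummy PEM at CA_PATH, dirs 0755."""
    root = cur = tempfile.mkdtemp()
    for part in os.path.dirname(CA_PATH).strip("/").split("/"):
        cur = os.path.join(cur, part)
        os.mkdir(cur)
        os.chmod(cur, 0o755)  # chmod rather than mkdir's mode, so the umask cannot interfere
    real = os.path.join(cur, os.path.basename(CA_PATH))
    with open(real, "wb") as fh:
        fh.write(PEM_MARKER + b"\nMIIB...constructed dummy, not a real cert\n-----END CERTIFICATE-----\n")
    os.chmod(real, file_mode)
    return root

if __name__ == "__main__":
    for mode in (0o600, 0o644):  # uid/gid 65534 ("nobody") stands in for the postfix user
        print(oct(mode), check_ca_file(CA_PATH, 65534, 65534, build_sample_chroot(mode)) or "OK")
```

On a real host, run it as root with the real path, the postfix user's uid/gid, and the chroot directory (usually /var/spool/postfix) if trivial-rewrite is marked chrooted in master.cf.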