
Thread: openSUSE 11.4 MAIL Server + LDAP

  1. #1
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    129

    openSUSE 11.4 MAIL Server + LDAP

    Hello, I have successfully set up an LDAP server with TLS, but the YaST mail module or LDAP browser cannot connect because of the following error:

    I have tried to add:
    1. in /etc/openldap/ldap.conf
    Code:
    tls_cacert      /etc/ssl/certs/YaST-CA.pem
    TLS_REQCERT     allow
    2. in /etc/ldap.conf
    Code:
    tls_checkpeer   no
    but this didn't help

    Has somebody had/solved this problem?

  2. #2
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,873

    Re: openSUSE 11.4 MAIL Server + LDAP

    On Sat, 19 Mar 2011 12:06:01 +0000, isemionov wrote:

    > but this didn't help
    >
    > Does somebody has/solved this problem?


    Maybe a silly question, but after making those changes, did you restart
    both services?

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  3. #3
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    129

    Re: openSUSE 11.4 MAIL Server + LDAP

    Hi Jim,

    Yes, of course, I even restarted the machine.
    Finally it works, and without encryption, but this makes me feel like a fool because I have spent some days on it without success.
    I have tried the same actions on SLES 11 (with VirtualBox) and it works without any problem, but not on openSUSE...


  4. #4
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,873

    Re: openSUSE 11.4 MAIL Server + LDAP

    On Sat, 19 Mar 2011 17:06:02 +0000, isemionov wrote:

    > yes of course, I even restarted the machine.


    I thought you probably had, but having done online support for many
    years, I've found that often it's the case that it's something simple
    that's been missed. I'm glad that isn't the case here. :-)

    > Finally it works and
    > without encryption, but this makes me fool because I have spent some
    > days and without success. The same actions I have tried on SLES 11
    > (with virtualbox) and it works without any problem but not on
    > openSUSE...


    Anything recorded in any of the relevant log files related to the failure?

    Another thought - did you import the certificate's info into the
    certificate store? (I actually ran into this recently configuring a
    service to use LDAP on OES2, and I got a very similar error message to
    what you're getting, and the only way was to import the self-signed
    certificate into the certificate store used by the Java instance I was
    working with).

    Jim

    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  5. #5
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    129

    Re: openSUSE 11.4 MAIL Server + LDAP

    > Anything recorded in any of the relevant log files related to the failure?

    There is nothing related in /var/log/messages.

    > Another thought - did you import the certificate's info into the
    > certificate store? (I actually ran into this recently configuring a
    > service to use LDAP on OES2, and I got a very similar error message to
    > what you're getting, and the only way was to import the self-signed
    > certificate into the certificate store used by the Java instance I was
    > working with).

    I was thinking about something like this, but I have no idea how it can be done for YaST modules that are not Java applications.

  6. #6
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,873

    Re: openSUSE 11.4 MAIL Server + LDAP

    On Sat, 19 Mar 2011 18:36:01 +0000, isemionov wrote:

    >> Anything recorded in any of the relevant log files related to the
    >> failure?

    > there is nothing related in /var/log/messages
    >
    >
    >> Another thought - did you import the certificate's info into the
    >> certificate store? (I actually ran into this recently configuring a
    >> service to use LDAP on OES2, and I got a very similar error message to
    >> what you're getting, and the only way was to import the self-signed
    >> certificate into the certificate store used by the Java instance I was
    >> working with).

    > I was thinking about something like this but I have no idea how it can
    > be done for Yast modules that are not java applications.


    I'm thinking that there's got to be a certificate store that the mail
    server is using - that would be where it would need to be added.

    Guessing that you're using postfix?

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  7. #7
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    129

    Re: openSUSE 11.4 MAIL Server + LDAP

    Actually the problem is the connection of the standard YaST mail administration module using TLS.
    If I set the LDAP client to not use TLS, then the connection is OK.
    And the mail server (standard YaST+postfix+Cyrus+LDAP) works OK and can be accessed with TLS also.
    The same goes for the LDAP browser: it tries to connect using TLS, fails, and asks if I want to try without TLS, and if I answer yes then the connection is OK.
    The same behavior occurs in the user and groups administration module,
    i.e. the problem is only in YaST modules making an LDAP connection using TLS - they cannot accept self-generated certificates.
    But this is very strange to me, as in SLES 11 it works and the same idea is used there.
    I do not understand.

  8. #8
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,873

    Re: openSUSE 11.4 MAIL Server + LDAP

    On Sat, 19 Mar 2011 21:36:01 +0000, isemionov wrote:

    > Actually the problem is the connection of standard yast mail
    > administration module using tls.


    That is strange. You might want to file a bug on that, somehow I didn't
    see that the issue wasn't the Postfix->LDAP connection but the admin tool.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  9. #9
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    129

    Re: openSUSE 11.4 MAIL Server + LDAP

    Hello,

    If somebody is interested, I have finally found the solution:
    1. In the LDAP Client, click on "Download CA Certificate" and enter the URL (I have put it on a local web server).

    2. It creates the directory /etc/openldap/cacerts/ and adds to /etc/openldap/ldap.conf:
    Code:
    TLS_CACERTDIR   /etc/openldap/cacerts/
    and copies the CA certificate there.

    3. In the address of the LDAP server, the same name must be given as in the server certificate (otherwise an error will be raised that they do not match).

    After this, the LDAP connection using TLS of each YaST module (mail server module, user and group management module, LDAP browser) is OK!

    I think it can also be done manually (create /etc/openldap/cacerts/, copy the certificate there and add TLS_CACERTDIR to ldap.conf).

    Uhh! After a lot of headache it finally works!
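
The manual route from post #9, as an added example that is not part of the original thread: it copies the CA certificate into `/etc/openldap/cacerts/`, creates the subject-hash link that an OpenSSL-based libldap needs to find a CA in a `TLS_CACERTDIR` directory, and replaces the `TLS_REQCERT allow` workaround from post #1 with `demand`. The function names, the `demand` step, the use of the `openssl` CLI and the file and host names in the usage comment are assumptions, not something the posters ran.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# conf_dir defaults to the /etc/openldap path used in post #9.

# Copy a PEM CA certificate into <conf_dir>/cacerts and create the
# <subject-hash>.0 link an OpenSSL-based libldap uses to find a CA there.
trust_ca() {
    ca_file=$1; conf_dir=${2:-/etc/openldap}
    subj_hash=$(openssl x509 -noout -hash -in "$ca_file") || {
        echo "not a readable PEM certificate: $ca_file" >&2; return 1; }
    mkdir -p "$conf_dir/cacerts" || return 1
    cp "$ca_file" "$conf_dir/cacerts/" || return 1
    ln -sf "$(basename "$ca_file")" "$conf_dir/cacerts/$subj_hash.0"
}

# Leave exactly one TLS_CACERTDIR and one TLS_REQCERT line in ldap.conf.
# Option names are case-insensitive, so old lines are matched in any case;
# "TLS_REQCERT allow" (accept a bad certificate) becomes "demand" (assumed
# hardening step, safe once the CA is trusted).
set_tls_options() {
    conf_dir=${1:-/etc/openldap}; conf=$conf_dir/ldap.conf
    touch "$conf" || return 1
    awk 'tolower($1) != "tls_cacertdir" && tolower($1) != "tls_reqcert"' \
        "$conf" > "$conf.new" || return 1
    printf 'TLS_CACERTDIR   %s/cacerts/\nTLS_REQCERT     demand\n' \
        "$conf_dir" >> "$conf.new" || return 1
    mv "$conf.new" "$conf"
}

# Step 3 of post #9: the server certificate must chain to a trusted CA
# and be issued for the host name used in the LDAP server address.
check_server_cert() {
    server_cert=$1; host=$2; conf_dir=${3:-/etc/openldap}
    openssl verify -CApath "$conf_dir/cacerts" "$server_cert" \
        | grep -q ': OK$' || return 1
    openssl x509 -noout -checkhost "$host" -in "$server_cert" \
        | grep -q 'does match'
}

# Usage (as root; ca.pem, server.pem and the host name are placeholders):
#   trust_ca ca.pem && set_tls_options
#   check_server_cert server.pem ldap.example.com
```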

  10. #10
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    16,873

    Re: openSUSE 11.4 MAIL Server + LDAP

    On Sun, 20 Mar 2011 20:36:02 +0000, isemionov wrote:

    > if somebody is interested, finally I have found the solution


    Fantastic - thanks for updating the thread with what you found. :-)

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
