1

Topic: Unable to configure ssl on ldap

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu 18
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello Sir,

I have gone through your online forums, but I am unable to install the SSL cert on the base domain of LDAP.
When I replace the certificate, slapd won't start. My mailing domain is hosted as a virtual domain, and I am now trying to install the SSL cert on the LDAP base domain. What am I doing wrong here? Can you please help me?

Logs are below :
Jan  6 21:08:32 mailnw slapd[16380]: @(#) $OpenLDAP: slapd  (Ubuntu) (Nov 16 2020 13:40:57) $#012#011Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Jan  6 21:08:32 mailnw slapd[16380]: main: TLS init def ctx failed: -1
Jan  6 21:08:32 mailnw slapd[16380]: slapd stopped.
Jan  6 21:08:32 mailnw slapd[16380]: connections_destroy: nothing to destroy.


2

Re: Unable to configure ssl on ldap

hits wrote:

Jan  6 21:08:32 mailnw slapd[16380]: main: TLS init def ctx failed: -1

It means you don't have the correct SSL cert/key files specified in the OpenLDAP config file. Please double-check.

3 (edited by hits 2021-01-13 16:21:49)

Re: Unable to configure ssl on ldap

Dear Sir,

Sorry for the delay in replying, but I was checking all the LDAP iRedMail forums and my domain SSL certs before replying, hence the delay.

I will explain from the start. I installed iRedMail 1.3.1 with the downloadable installer and the LDAP backend. First I used abc.com for the LDAP root DN. After that I used my main mailing domain xyz.com as my first virtual domain and set the hostname of the server to mail.xyz.com. So I copied the SSL certificate of *.xyz.com to the iRedMail certs path, and it is working fine for https://mail.xyz.com/iredmail and the webmail URLs. With the same SSL cert I also enabled SSL on LDAP, and now port 636 is also showing open. But when I use LDAP authentication in one of my applications, I am able to connect to LDAP on port 389, but when I change it to 636 it gives me the error 504 gateway timeout.

So now I have tried installing a Let's Encrypt cert for abc.com and replaced the SSL certs in the slapd.conf and ldap.conf files, but I am unable to start the slapd service.

So my question is: for LDAPS, do I have to use the SSL cert for abc.com only, or will the SSL cert of xyz.com also work?

Sorry, but I am unable to get rid of this issue. Please help me solve it.

4

Re: Unable to configure ssl on ldap

You didn't get my answer.
It means either you copied the wrong SSL cert/key files for OpenLDAP, or the OpenLDAP daemon user doesn't have permission to read them.
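
The second cause named in the last reply (the daemon account cannot read the files) can be narrowed down with a short script. The following is an added example, not part of the original thread or of iRedMail: it walks every directory on the way to a cert or key file and reports the first component the given account cannot pass. The daemon account name and the file paths are supplied by you on the command line; the function names are hypothetical.

```python
import grp, os, pwd, sys

def mode_allows(st, uid, gids, want):
    """Classic Unix mode-bit check: owner, else group, else other.
    Does not model ACLs, mandatory access control, or root's override."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def first_blocker(path, uid, gids):
    """Return the first path component the account cannot pass, or None."""
    # Resolve symlinks first: the check must follow the real directory chain.
    path = os.path.realpath(path)
    current = os.sep
    for part in path.split(os.sep)[1:-1]:
        current = os.path.join(current, part)
        # Every parent directory needs search (x) permission.
        if not mode_allows(os.stat(current), uid, gids, 0o1):
            return current
    # The file itself needs read (r) permission.
    if not mode_allows(os.stat(path), uid, gids, 0o4):
        return path
    return None

def account_ids(user):
    """Look up uid plus primary and supplementary gids for a local account."""
    pw = pwd.getpwnam(user)
    extra = {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, {pw.pw_gid} | extra

if __name__ == "__main__":
    # Usage (account name and paths are placeholders, run as root):
    #   python3 check_read.py <daemon-user> <cert-file> <key-file> [<ca-file>]
    uid, gids = account_ids(sys.argv[1])
    for f in sys.argv[2:]:
        blocker = first_blocker(f, uid, gids)
        print(f"{f}: " + ("readable" if blocker is None else f"blocked at {blocker}"))
```

A "blocked at" result that names a directory rather than the file points at a parent directory without search permission, which a listing of the file's own mode will not show.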