1

Topic: How do you enable ldaps on tcp/636?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.2
- Deployed with iRedMail Easy or the downloadable installer?: Downloadable installer
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): N/A
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi All,

I have an install of iRedMail without a webserver. I have my LDAP protected by UFW. But I am looking to enable LDAPS on port 636 so that I can have external services connect to the directory. I am struggling to find a solution to how to do this. I have already added the TLSCertificateFile and TLSCertificateKeyFile in /etc/ldap/slapd.conf.

Anyone know how I continue getting this enabled?

Thanks

John

----


2

Re: How do you enable ldaps on tcp/636?

- Buy or get a free ssl cert. e.g. https://docs.iredmail.org/letsencrypt.html
- Update slapd.conf to use the valid ssl cert.
- Update parameter "SLAPD_SERVICES" in /etc/default/slapd, make sure it contains "ldaps:///" (three `/`).
- Restart openldap service.
- Update firewall rule to make sure port 636 is open.
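
The SLAPD_SERVICES step above as a small idempotent helper, with the restart, firewall and verification steps as comments. This is an added example, not part of the reply above; it assumes the Debian-style double-quoted `SLAPD_SERVICES="..."` line, and the function names, the address 203.0.113.10 and the host mail.example.com are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Each function takes the path of the
# defaults file, so it can be tried on a copy before /etc/default/slapd.

# Print the value of SLAPD_SERVICES (assumes a double-quoted value).
slapd_services() {
    sed -n 's/^SLAPD_SERVICES="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# Succeed if any listener URL in SLAPD_SERVICES uses the ldaps:// scheme.
has_ldaps() {
    case " $(slapd_services "$1") " in
        *" ldaps://"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Append "ldaps:///" when it is missing; keep a .bak copy of the original.
# Returns 2 when the file has no SLAPD_SERVICES line to edit.
ensure_ldaps() {
    f=$1
    grep -q '^SLAPD_SERVICES="' "$f" || {
        echo "no SLAPD_SERVICES line in $f" >&2
        return 2
    }
    has_ldaps "$f" && return 0
    cp -p "$f" "$f.bak" || return 1
    sed 's|^\(SLAPD_SERVICES=".*\)"$|\1 ldaps:///"|' "$f.bak" > "$f"
}

# Remaining steps from the list, run as root on the mail server:
#   ensure_ldaps /etc/default/slapd
#   systemctl restart slapd
#   ss -ltn | grep ':636 '      # slapd should now listen on 636
#   # Open 636 only to the external service (placeholder address):
#   ufw allow from 203.0.113.10 to any port 636 proto tcp
# From the external client, confirm the certificate chain validates
# (placeholder host name):
#   openssl s_client -connect mail.example.com:636 \
#       -verify_return_error </dev/null
```

The private key named by TLSCertificateKeyFile must be readable by the user slapd runs as, otherwise the ldaps listener fails after the restart.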