Topic: Integrating iRedMail with AD using secure LDAPS
Hello
I inherited a 1.6.2 OpenLDAP edition of iRedMail running on Ubuntu 20.04.5. I have followed the instructions about using a bought certificate to implement secure LDAPS.
Using the ldapsearch utility, I can enumerate all of the accounts in my users OU within AD when connecting with LDAPS on port 636. I believe my cert and cert chain are all valid. (I can also securely connect to the web front end using https with the same certificate)
The problems start when I use the postmap command. I noticed that the ldap_url_parse_ext(ldap://mydomain.com:636) line just has ldap://, not ldaps://, but I don't know why. I think I have my slapd configured properly, but I'm not sure tbh.
Here is the entire output - I've removed references to my domain name and tcp/ip addresses:
postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://mydomain.com:636)
postmap: dict_ldap_debug: ldap_extended_operation_s
postmap: dict_ldap_debug: ldap_extended_operation
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP mydomain.com:636
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying x.x.x.x:636
postmap: dict_ldap_debug: ldap_pvt_connect: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: attempting to connect:
postmap: dict_ldap_debug: connect errno: 115
postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 10
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_pvt_connect: 0
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush2: 31 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x56468a676680 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x56468a676680 msgid 1 (infinite timeout)
postmap: dict_ldap_debug: wait4msg continue ld 0x56468a676680 msgid 1 all 1
postmap: dict_ldap_debug: ** ld 0x56468a676680 Connections:
postmap: dict_ldap_debug: * host: mydomain.com port: 636 (default)
postmap: dict_ldap_debug: refcnt: 2 status: Connected
postmap: dict_ldap_debug: last used: Fri Nov 4 18:24:15 2022
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x56468a676680 Outstanding Requests:
postmap: dict_ldap_debug: * msgid 1, origid 1, status InProgress
postmap: dict_ldap_debug: outstanding referrals 0, parent count 0
postmap: dict_ldap_debug: ld 0x56468a676680 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x56468a676680 Response Queue:
postmap: dict_ldap_debug: Empty
postmap: dict_ldap_debug: ld 0x56468a676680 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x56468a676680 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x56468a676680 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x56468a676680 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ldap_err2string
postmap: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
postmap: fatal: table ldap:/etc/postfix/ad_virtual_mailbox_maps.cf: query error: Connection reset by peer
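The ldap:// URL and the "Unable to set STARTTLS" line in the trace above both come from how Postfix's ldap_table(5) builds its server URL from server_host and server_port. As an added example (not from the post, iRedMail or Postfix), this Python lint reproduces that derivation over two constructed map fragments and flags the combination of settings that produces the error; the CA bundle path in the fixed fragment is an assumption.

```python
import re

def parse_ldap_table(text):
    """Parse 'key = value' lines of a Postfix ldap_table(5) map into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = line.split("=", 1)
            cfg[key.strip()] = val.strip()
    return cfg

def effective_urls(cfg):
    """Mirror Postfix: a bare host becomes ldap://host:server_port (this is
    the ldap://mydomain.com:636 seen in the trace); a URL is used as given."""
    port = cfg.get("server_port", "389")
    urls = []
    for host in cfg.get("server_host", "localhost").split():
        urls.append(host if "://" in host else f"ldap://{host}:{port}")
    return urls

def lint(cfg):
    """Return findings for the TLS-related settings of the map (empty = ok)."""
    findings = []
    start_tls = cfg.get("start_tls", "no").lower() == "yes"
    for url in effective_urls(cfg):
        scheme, _, port = re.match(r"(ldaps?)://([^:/]+)(?::(\d+))?", url).groups()
        port = port or ("636" if scheme == "ldaps" else "389")
        if scheme == "ldap" and port == "636" and start_tls:
            # STARTTLS is a plaintext extended operation; port 636 expects a
            # TLS handshake first, so the server drops the connection.
            findings.append(f"{url}: STARTTLS on implicit-TLS port; "
                            "use server_host = ldaps://host:636 and start_tls = no")
        elif scheme == "ldap" and not start_tls:
            findings.append(f"{url}: bind credentials travel in plaintext")
        elif scheme == "ldaps" and start_tls:
            findings.append(f"{url}: start_tls = yes must not be combined with ldaps://")
    if cfg.get("tls_require_cert", "no").lower() != "yes":
        findings.append("tls_require_cert is not yes: server certificate is not verified")
    return findings

# Constructed map fragments: the settings implied by the trace, and a fix.
BROKEN = "server_host = mydomain.com\nserver_port = 636\nstart_tls = yes\n"
FIXED = ("server_host = ldaps://mydomain.com:636\nstart_tls = no\n"
         "tls_require_cert = yes\n"
         "tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt\n")  # assumed CA bundle path

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(parse_ldap_table(text)) or "ok")
```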