Today, I updated two of my production servers after 2-3 months. Unfortunately, the mail server login, which uses OpenLDAP for AAA, stopped working. I'm using Let's Encrypt for SSL certificate generation. One of these servers has been working for years, and it was working up to this morning with the same configuration intact.
Here is my /var/log/maillog:
Code:
Aug 4 13:42:59 babaei dovecot: auth: Error: LDAP /usr/local/etc/dovecot/ldap.conf: ldap_start_tls_s() failed: Can't contact LDAP server
Aug 4 13:43:01 babaei dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<email@example.com>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS, session=<UY/crO1VuqfHMIWG>
Aug 4 13:43:03 babaei dovecot: auth: Error: LDAP /usr/local/etc/dovecot/ldap.conf: ldap_start_tls_s() failed: Can't contact LDAP server
Aug 4 13:43:05 babaei dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<email@example.com>, method=PLAIN, rip=94.100.185.205, lip=xxx.xxx.xxx.xxx, TLS: Disconnected, session=<K3UVre1VuqNeZLnN>
Even a simple ldapsearch won't work anymore:
Code:
$ ldapsearch -cxWD "cn=root,dc=example,dc=com" -b 'dc=example,dc=com' '(cn=root)'
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Here is the full log when I run slapd daemon in verbose mode:
Code:
$ /usr/local/libexec/slapd -V -h "ldap:/// ldaps:///" -u ldap -g ldap -d -1
.
.
.
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14035418:SSL routines:ACCEPT_SR_CERT:tlsv1 alert unknown ca
.
.
.
Full log from pastebin: https://pastebin.com/EC13xPAY
I'd appreciate your help. Thank you so much.
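A triage helper for the two logs quoted above, added here as an example and not part of the original post. It relies on one OpenSSL fact: the info callback that slapd prints under -d -1 writes "alert read" for an alert received from the peer and "alert write" for one this side sent, so a fatal "unknown CA" read by the accepting side (SSL_accept) means the LDAP client, not slapd, refused the certificate chain. The sample lines are copied from the post with addresses anonymised; the configuration option names (TLS_CACERT/TLS_CACERTDIR in ldap.conf, tls_ca_cert_file/tls_ca_cert_dir in Dovecot's LDAP config, TLSCertificateFile/TLSCACertificateFile in slapd.conf) are the real OpenLDAP and Dovecot options, while <host> and <bundle> in the suggested checks are placeholders.

```python
"""Triage a failed TLS handshake from an slapd -d -1 trace plus the Dovecot auth log.

Added example for this thread, not the poster's own code. It only reads log text.
"""
import re
from collections import Counter

# Sample input: lines quoted in the post (client addresses anonymised).
SAMPLE_SLAPD_TRACE = """\
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14035418:SSL routines:ACCEPT_SR_CERT:tlsv1 alert unknown ca
"""

SAMPLE_DOVECOT_LOG = """\
Aug 4 13:42:59 babaei dovecot: auth: Error: LDAP /usr/local/etc/dovecot/ldap.conf: ldap_start_tls_s() failed: Can't contact LDAP server
Aug 4 13:43:01 babaei dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<email@example.com>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS, session=<UY/crO1VuqfHMIWG>
Aug 4 13:43:03 babaei dovecot: auth: Error: LDAP /usr/local/etc/dovecot/ldap.conf: ldap_start_tls_s() failed: Can't contact LDAP server
"""

# OpenSSL's info callback prints "alert read" for an alert received from the
# peer and "alert write" for one this side sent. slapd is the accepting side
# (SSL_accept), so "read" means the LDAP client aborted the handshake.
ALERT_RE = re.compile(r"TLS trace: SSL3 alert (read|write):(\w+):(.+)$")

# What each TLS alert says about the side that sent it.
ALERT_MEANING = {
    "unknown CA": "could not chain the peer certificate to a trusted root",
    "certificate expired": "found the peer certificate expired or not yet valid",
    "bad certificate": "rejected the peer certificate (name or signature problem)",
    "handshake failure": "found no acceptable protocol version or cipher suite",
}

# Dovecot's LDAP backend logs a failed StartTLS as an auth error naming its config file.
DOVECOT_STARTTLS_RE = re.compile(
    r"dovecot: auth: Error: LDAP (\S+): ldap_start_tls_s\(\) failed: (.+)$"
)


def parse_alerts(trace):
    """Return every TLS alert in an slapd trace as {direction, level, description}."""
    alerts = []
    for line in trace.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append({"direction": m.group(1), "level": m.group(2),
                           "description": m.group(3).strip()})
    return alerts


def parse_dovecot_starttls_errors(log):
    """Count ldap_start_tls_s() failures per Dovecot LDAP config file."""
    counts = Counter()
    for line in log.splitlines():
        m = DOVECOT_STARTTLS_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def triage(slapd_trace, dovecot_log):
    """Decide which side distrusts which certificate and list the checks to run."""
    fatal = [a for a in parse_alerts(slapd_trace) if a["level"] == "fatal"]
    dovecot_errors = parse_dovecot_starttls_errors(dovecot_log)
    if not fatal:
        return {"verdict": "no fatal TLS alert in trace", "alert": None,
                "checks": [], "dovecot_errors": dovecot_errors}
    alert = fatal[0]
    meaning = ALERT_MEANING.get(alert["description"], "aborted the handshake")
    if alert["direction"] == "read":
        # The client sent the alert: it is the server's chain that is distrusted.
        verdict = (f"LDAP client sent '{alert['description']}': it {meaning}; "
                   f"fix trust on the client side, the server did not reject anything")
        checks = [
            "client: TLS_CACERT / TLS_CACERTDIR in ldap.conf must name a bundle containing the root that issued the server certificate",
            "dovecot: tls_ca_cert_file / tls_ca_cert_dir in the LDAP config file above must point at the same bundle",
            "from the client host: openssl s_client -connect <host>:636 -CAfile <bundle>  (expect 'Verify return code: 0 (ok)')",
            "server: the file slapd presents (TLSCertificateFile) should include the intermediate(s), not just the leaf",
        ]
    else:
        # slapd sent the alert: it rejected the client certificate it was offered.
        verdict = (f"slapd sent '{alert['description']}': it {meaning}; "
                   f"the client certificate or slapd's client-CA trust is at fault")
        checks = [
            "server: TLSCACertificateFile must contain the CA that issued the client certificate",
            "server: review TLSVerifyClient if client certificates are not actually required",
        ]
    return {"verdict": verdict, "alert": alert, "checks": checks,
            "dovecot_errors": dovecot_errors}


if __name__ == "__main__":
    result = triage(SAMPLE_SLAPD_TRACE, SAMPLE_DOVECOT_LOG)
    print(result["verdict"])
    for path, n in result["dovecot_errors"].items():
        print(f"{n} StartTLS failure(s) reported by {path}")
    for check in result["checks"]:
        print(" -", check)
```

Run against the quoted lines it reports that the client sent the fatal alert and lists the client-side trust checks first; a constructed "alert write" line flips the verdict to the server's client-certificate trust settings, which is the case the `else` branch exists for.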