[RCU] roundcube ldaps addressbook

Benny Pedersen me at junc.eu
Fri Sep 4 19:08:15 CEST 2015


Sundeep Singh Nanuwa skrev den 2015-09-04 16:11:

>>>> I want configure LDAP address book lookup, I have added the relevant
>>>> info in main.inc.php using ldaps port 636 but I get the following 
>>>> error
>>>> Sep  3 11:29:49 slapd[24950]: conn=22120 fd=19 closed (TLS 
>>>> negotiation
>>>> failure)

> ldap support tls

does this work in thunderbird ?

>> but it can aswell be ldap auth login not working ?
>> just check tls fails first
> tls fails

so ldap support tls ?

> ldap_start_tls(): Unable to start TLS: Can't contact LDAP server
>> is ldaps port 636 ?
> yes

so roundcube need to use STARTTLS just like it should with submission ?

or is it LDAPS before content is sent ?

possible ldaps need same ssl fixes just like imaps/smtps with verify 
peer certs ?

>> does it work if using ldap port ?
>> does your ldap server supports both ?
> yes

good

>> sadly i have more questions here, would like to know how to make 
>> thunderbird ldap work aswell for addressbooks, mozilla is not very 
>> helpfull there :/

> I have address book working in Thunderbird using my ldap host and port 
> 636.
> 
> Does the ldap server need to be localhost for it to work with roundcube 
> server?

possible to get a mozilla link for the ldif setup or a copy from you 
that works from thunderbird ?, i have tryed to get it from mozilla, but 
still not found any info on it :(

for localhost i just say ssl/tls does not prevent data leaks since 
trafic is local, so all in all, use ssl/tls if outside of roundcube and 
openldap servere connections is used, same goes for thunderbird

just one thing left is that localhost can still be tcppdumped from unix 
users if its not socket with /path/to/socket eg inet socket is more 
unsecure if there is login users

hopefully i am right in that point


More information about the users mailing list