Hi, I would like to ask those who are familiar with ldap bit more than me:
I have a edge spam filter (relay) and we use relay_recipients table, I am trying to suck users to this table, however I can't bind zimbra via ldaps .. I can verify
PHP Code:
openssl s_client -connect zimbra.domain.com:636
so I have connection to 636, trying to execute (on spam filter)
PHP Code:
ldapsearch -x -H ldaps://zimbra.domain.com -W -D "uid=zimbra,cn=admins,cn=zimbra" -v -d 255
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP zimbra.domain.no:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 172.16.1.2:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_err2string
ldap_sasl_bind(SIMPLE): Cant contact LDAP server (-1)
my /etc/ldap/ldap.conf on spam filter server is
PHP Code:
BASE dc=domain,dc=com
URI ldaps://zimbra.domain.com
#ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERT /etc/ldap/tls-cert/ca.pem
where ca.pem is file copied from /opt/zimbra/conf/ca/ca.pem from zimbra host to spam filter
...........^^^ I am not sure if this is the file I need for TLS option to ldap.conf, the SSL is configured through Startcom where I got 1st class cert ....
the zimbra host is in default setting, the only thing is that it listens on ldaps (636) configured according to zimbra-wiki
any help or kick would be greatly appreciated!
have another question if it's possible to setup ldap.conf on spam-filer in way that it can query multiple ldap zimbra servers so I can get complete relay_recipient table for all domains!!
TIA! kuda
Bugzilla
Wiki
Source
external "ldaps" query to zimbra 
Linear Mode
