> On 26/06/2025 12:05 EEST Bruno Hertz via dovecot <[email protected]> wrote: > > > On Thu Jun 26, 2025 at 10:32 AM CEST, Aki Tuomi wrote: > > > [snip] > > > > Can you try ldap_sasl_mechanism = EXTERNAL? > > > > As in, try upper casing it. > > > > Aki > > Certainly, Aki, thanks for the suggestion. I tried that before though without > success (actually spent some time tweaking settings, even did straces and so > forth to see if the certificate is actually read, simply because the > authentication process did work in 2.3). > > So I tried again now, applied the change to /etc/dovecot/dovecot.conf, > restartet > the dovecot service and did a quick fetchmail authentication test. The result > is > exactly the same as before: > > slapd reports the incoming connection > slapd[590]: conn=1006 fd=18 ACCEPT from IP=[::1]:38730 (IP=[::]:636) > but dovecot logs the same message as it previously did, and fetchmail times > out > dovecot: auth: Error: ldap(ldaps://localhost.quasi.internal:636): binding > failed (dn (none)): Unknown authentication method, SASL(-4): no mechanism > available: > > So the behavior is completely independent from the capitalization of the word > external. > > Greetings, Bruno > _______________________________________________ > dovecot mailing list -- [email protected] > To unsubscribe send an email to [email protected]
The problem here is that the error is coming from your LDAP server. It does not want to do SASL EXTERNAL. Are you able to run your LDAP server in debug mode to see why it refuses this? Aki _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
