Topic: iredapd & iredadmin - ldap tls support
We are using a customed version of a mail infrastructure based on iredmail. We are keeping the ldap server on a different server then the mail server.
We've noticed that iredapd and iredadmin are not starting a tls connection when the ldap server url is set to start with ldaps://.
Using ldaps:// to set TLS options doesn't work because I think it tries a ssl connection automatically. In order to start the tls connection we've added the start_tls_s() function (conn.start_tls_s()) right after ldap.initialize(). Now, when using ldap://, the tls connection is started and data is secured. Setting options like OPT_X_TLS_REQUIRE_CERT, OPT_X_TLS, OPT_X_TLS_DEMAND doesn't seem to have any influence.
I hope this will help you modify your applications to support tls.
Get fast and professional support from iRedMail developers: