Bug#381788: [Pkg-openldap-devel] Bug#381788: slapd: TLS connections fail when running as non-root

Matthijs Mohlmann matthijs at cacholong.nl
Tue Aug 8 20:16:22 UTC 2006


On Mon, 07 Aug 2006 19:38:06 -0600
"Berg, Michael" <michaeljberg at gmail.com> wrote:

> >> And just for completeness, here are the contents of my ldap.conf file
> >> ==========
> >> BASE	dc=mydomain,dc=dyndns,dc=org
> >> URI	ldap://ldap.mydomain.dyndns.org
> >> TLS_CIPHER_SUITE	HIGH:!ADH
> >> TLS_CACERT		/etc/ssl/certs/mydomain.dyndns.org_CA.pem
> >> TLS_REQCERT		demand
> >> TLS_CRLCHECK		none
> >> ==========
> >>
> > This is the complete content of ldap.conf on the clients?
> 
> Those are the only uncommented lines in my ldap.conf files.
> 
> 
> >> I even tried purging slapd, reinstalling it, and re-populating it from scratch
> >> (I didn't just reload a DB backup).
> >>
> >> The fresh install worked fine as non-root until a reboot - at which point the
> >> problem described above returned and TLS connections fail.
> >>
> > That's strange.
> 
> I thought so too.
> 
> 
> > Can you please send the output of: ldapsearch -x -ZZ -d 7
> 
> Output is attached.

Thanks for the output, but I still don't see why it's failing. The only thing I see on the OpenLDAP mailing list about this is when you connect on the SSL port and try to do starttls.

Can somebody with some more SSL knowledge comment here?

Regards,

Matthijs Mohlmann