[Pkg-openldap-devel] Bug#477396: slapd: TLS Connections fail when using valid wildcard certificate and compiled against gnutls

Ben Goldsbury debian_bug_reports at gleim.com
Tue Apr 22 21:53:59 UTC 2008

Package: slapd
Version: 2.4.7-6.1
Severity: important

When using a valid wildcard certificate, clients fail to connect to the ldap server with the error:
TLS certificate verification: Error, unable to get local issuer certificate

Without changing the configuration, and reverting to slapd 2.3 (from Etch), clients work fine with this certificate.

I also grabbed the openldap source package and recompiled it against openssl (instead of gnutls) and it worked fine with the same configuration.

This is my first bug report.  I'll be happy to provide any additional information you may require to investigate.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser                  3.107           add and remove users and groups
ii  coreutils                6.10-3          The GNU core utilities
ii  debconf [debconf-2.0]    1.5.20          Debian configuration management sy
ii  libc6                    2.7-10          GNU C Library: Shared libraries
ii  libdb4.2                 4.2.52+dfsg-4   Berkeley v4.2 Database Libraries [
ii  libgnutls26              2.2.2-1         the GNU TLS library - runtime libr
ii  libldap-2.4-2            2.4.7-6.1       OpenLDAP libraries
ii  libltdl3                 1.5.26-3        A system independent dlopen wrappe
ii  libperl5.8               5.8.8-12        Shared Perl library
ii  libsasl2-2               2.1.22.dfsg1-18 Cyrus SASL - authentication abstra
ii  libslp1                  1.2.1-7.2       OpenSLP libraries
ii  libwrap0                 7.6.q-15        Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-per 5.8.8-12        Larry Wall's Practical Extraction 
ii  psmisc                   22.6-1          Utilities that use the proc filesy
ii  unixodbc                 2.2.11-16       ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules         2.1.22.dfsg1-18 Cyrus SASL - pluggable authenticat

-- debconf information excluded

More information about the Pkg-openldap-devel mailing list