[Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade
Niccolo Rigacci
niccolo at rigacci.org
Fri Feb 1 13:05:58 UTC 2008
I confirm that ldaps broke after upgrade.
This is the workaround in my case:
1) Commented out TLSCipherSuite from /etc/ldap/slapd.conf so it
picks up the defaults.
2) Changed TLS_REQCERT from "allow" to "never" in
/etc/ldap/ldap.conf.
The clients connect to a name which is different from the
commonName stated in the self-signed certificate.
However this is strange because LDAP.CONF(5) states that
TLS_REQCERT "allow" means:
    The server certificate is requested. If no certificate is
    provided, the session proceeds normally. If a bad certificate
    is provided, it will be ignored and the session proceeds normally.
But the session does not proceed normally, even if I add
a subjectAltName to the certificate.
--
Niccolo Rigacci
Firenze - Italy
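
An added example, not part of the original message: a small Python check that reports which TLS_REQCERT level an ldap.conf puts in effect and whether that level rejects a bad server certificate, with level summaries paraphrased from ldap.conf(5). The sample file contents are constructed, and treating the last TLS_REQCERT line as the effective one is an assumption; environment variables and per-user ldaprc files are not considered.

```python
# Added example: audit the TLS_REQCERT level of an OpenLDAP client config.
# Level summaries paraphrase ldap.conf(5); sample configs are constructed.

# level -> (rejects a bad certificate?, requires a certificate?, summary)
REQCERT_LEVELS = {
    "never":  (False, False, "server certificate is not requested or checked"),
    "allow":  (False, False, "certificate requested; missing or bad one is ignored"),
    "try":    (True,  False, "bad certificate ends the session; missing one is accepted"),
    "demand": (True,  True,  "valid server certificate required (default)"),
    "hard":   (True,  True,  "same as demand"),
}

def effective_reqcert(conf_text):
    """Return the TLS_REQCERT level in effect (assumption: last line wins)."""
    level = "demand"  # default when the option is absent, per ldap.conf(5)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        # Option names are case-insensitive in ldap.conf.
        if len(parts) == 2 and parts[0].upper() == "TLS_REQCERT":
            level = parts[1].strip().strip('"').lower()
    return level

def audit(conf_text):
    """Summarise what the effective level means for server authentication."""
    level = effective_reqcert(conf_text)
    if level not in REQCERT_LEVELS:
        return {"level": level, "rejects_bad_cert": False,
                "requires_cert": False, "finding": "unknown TLS_REQCERT value"}
    rejects, requires, summary = REQCERT_LEVELS[level]
    return {"level": level, "rejects_bad_cert": rejects,
            "requires_cert": requires, "finding": summary}

# Constructed samples: the setting before and after the workaround above.
SAMPLE_BEFORE = "# /etc/ldap/ldap.conf (constructed)\nTLS_REQCERT allow\n"
SAMPLE_AFTER = "# /etc/ldap/ldap.conf (constructed)\nTLS_REQCERT never\n"

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(text))
```

Neither "allow" nor "never" makes the client reject a certificate whose name does not match the host it connected to, so a client left at either level does not authenticate the server.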