[Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade

Fri Jan 25 21:16:30 UTC 2008

Package: slapd
Version: 2.4.7-3+b1
Severity: grave
Justification: renders package unusable

Hi

I have a wokring 2.3.38-1+lenny1 slapd, these are the relevant TLS
config info
# CA information
TLSCACertificateFile /etc/ldap/ssl/ca-certificates.crt
#TLSCACertificatePath /etc/ldap/ssl/
                                                                                                                                     
TLSVerifyClient allow
#TLSVerifyClient demand
#TLSCipherSuite HIGH
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCRLCheck none
TLSCertificateFile
/etc/ldap/ssl/bGRhcC5zYW1hZC5jb20uYXU6Y2EuY29tLmF1OjpBLiBTYW1hZCBQdHkgTHRkOlN5ZG5leTpOU1c6QVU=.pem
TLSCertificateKeyFile
/etc/ldap/ssl/bGRhcC5zYW1hZC5jb20uYXU6Y2EuY29tLmF1OjpBLiBTYW1hZCBQdHkgTHRkOlN5ZG5leTpOU1c6QVU=.une.pem

upon upgrade slapd refused to start tls failure unable to set 

TLSCipherSuite HIGH:MEDIUM:+SSLv2

The only way I could get slapd to start was to comment out
TLSCipherSuite

and then slapd would not accept any ldaps connections

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (100, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash