[Pkg-openldap-devel] Bug#478883: Bug#478883: Bug#478883: I have the same bug

Steve Langasek vorlon at debian.org
Tue Jul 15 23:17:19 UTC 2008 

On Tue, Jul 15, 2008 at 11:00:30AM +0200, Michael Kiefer wrote:
> Am Montag 14 Juli 2008 schrieb Steve Langasek:
> > On Mon, Jul 14, 2008 at 05:56:52PM +0200, Michael Kiefer wrote:
> > > With lenny both as server and client, I get the same bug here. The first
> > > thing that I discovered not working was syncrepl between two servers.
> > > Then I noticed that ldapsearch also is not working:

> > So, can you provide the requested slapd.conf from the server so that I can
> > try to reproduce and debug this?

> There is no slapd.conf any more. I have attached the cn=config tree instead.

> > This at least appears to be the same error message as the original bug
> > submitter.

> > The bug report you're following up to is about a failure to connect from
> > ldap-utils.  Ubuntu 7.10 doesn't ship ldap-utils 2.4.7; if you're having a
> > *general* problem connecting to your server from all TLS-based clients,
> > then I think you have a configuration problem, not a bug in ldap-utils.  (I
> > don't think this is a server bug either, because the TLS support has been
> > tested to work already in a variety of configurations.)
> The problem is that this already has been working once. And when trying to 
> connect manually with openssl s_client, there are no error messages.


<snip>

> olcTLSCACertificateFile: /etc/ldap/certs/cacert.pem
> olcTLSCertificateFile: /etc/ldap/certs/certfile.crt
> olcTLSCertificateKeyFile: /etc/ldap/certs/keyfile.key
> olcTLSVerifyClient: demand 

<snip>

This shows that client SSL certificates are required by the server.  What
does your /etc/ldap/ldap.conf look like, and what arguments are you using
when calling openssl s_client for testing?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the Pkg-openldap-devel mailing list