[Pkg-openldap-devel] Bug#478883: Bug#478883: ldap-utils: ldapsearch -x from sid fail
Matt Kassawara
battery at writeme.com
Mon Jun 8 17:45:47 UTC 2009
The error you got from testing with gnutls-cli says GnuTLS on that
particular client probably doesn't like the new certificate. Did you renew
the CA, server, or both certificates? Can you provide your new and old
certificates? On a side note, I recommend migrating from deprecated LDAPS
(port 636) to STARTTLS.
> - Certificate[0] info:
> # The hostname in the certificate does NOT match 'ldap.fi.trl'.
On Mon, Jun 8, 2009 at 10:54 AM, Simone Piccardi <piccardi at truelite.it>wrote:
> Michael Kiefer wrote:
> > On Maandag 08 Juni 2009 16:43:17 Simone Piccardi wrote:
> >> Package: ldap-utils
> >> Version: 2.4.15-1.1
> >> Severity: normal
> >>
> >> ...
> >> so it seems something related to gnutls.
> >>
> >
> > For me it was a misconfiguration. I think I was able to cure it by
> setting
> > olcTLSVerifyClient: never
> >
> > Michael
>
> Sorry, but this is not working. Nothing change using
>
> TLSVerifyClient 0
> TLSVerifyClient 1
> TLSVerifyClient never
>
> in slapd.conf
>
> Simone
> --
> Simone Piccardi Truelite Srl
> piccardi at truelite.it (email/jabber) Via Monferrato, 6
> Tel. +39-347-1032433 50142 Firenze
> http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336
>
>
>
> _______________________________________________
> Pkg-openldap-devel mailing list
> Pkg-openldap-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20090608/adba93ce/attachment.htm>
More information about the Pkg-openldap-devel
mailing list