[Pkg-openldap-devel] Bug#563113: slapd.conf(5) man page patch

Peter Marschall peter at adpm.de
Thu Apr 15 07:39:07 UTC 2010


Package: slapd
Severity: normal
Tags: patch

Hi,

I wrote a small patch for the slapd.conf(5) man page.
Please find it attached.

In addition to that I can confirm that the bug does not occur
in OpenLDAP 2.4.21 (tested with
	TLSCipherSuite          NORMAL:!AES-128-CBC
in slapd.conf).

I did not test with earlier versions, but according to the code in tls_g.c
the calls to gnutls_priority_init() were already in when 2.4.17 was released.
So, I am quite confident the problem was already solved with OpenLDAP 2.4.17.

Best regards
Peter


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                   3.112          add and remove users and groups
ii  coreutils                 7.4-2          The GNU core utilities
ii  debconf [debconf-2.0]     1.5.30         Debian configuration management sy
ii  libc6                     2.10.2-6       Embedded GNU C Library: Shared lib
ii  libdb4.7                  4.7.25-9       Berkeley v4.7 Database Libraries [
ii  libgnutls26               2.8.6-1        the GNU TLS library - runtime libr
ii  libldap-2.4-2             2.4.21-0pm1    OpenLDAP libraries
ii  libltdl7                  2.2.6b-2       A system independent dlopen wrappe
ii  libperl5.10               5.10.1-11      shared Perl library
ii  libsasl2-2                2.1.23.dfsg1-5 Cyrus SASL - authentication abstra
ii  libslp1                   1.2.1-7.6      OpenSLP libraries
ii  libwrap0                  7.6.q-18       Wietse Venema's TCP wrappers libra
ii  lsb-base                  3.2-23         Linux Standard Base 3.2 init scrip
ii  perl [libmime-base64-perl 5.10.1-11      Larry Wall's Practical Extraction 
ii  psmisc                    22.10-1        utilities that use the proc file s
ii  unixodbc                  2.2.11-21      ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules          2.1.23.dfsg1-5 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils                   2.4.21-0pm1 OpenLDAP utilities

-- debconf information excluded
-------------- next part --------------
--- openldap-2.1.21/doc/man/man5/slapd.conf.5
+++ openldap-2.1.21/doc/man/man5/slapd.conf.5	2010-04-14 19:19:21.000000000 +0200
@@ -1029,22 +1029,37 @@
 .TP
 .B TLSCipherSuite <cipher-suite-spec>
 Permits configuring what ciphers will be accepted and the preference order.
-<cipher-suite-spec> should be a cipher specification for OpenSSL.  Example:
-
+<cipher-suite-spec> should be a cipher specification for OpenSSL resp. GNUtls.
+Example:
+.RS
+.RS
+.TP
+.I OpenSSL:
 TLSCipherSuite HIGH:MEDIUM:+SSLv2
+.TP
+.I GNUtls:
+TLSCiphersuite SECURE256:!AES-128-CBC
+.RE
 
-To check what ciphers a given spec selects, use:
+To check what ciphers a given spec selects in OpenSSL, use:
 
 .nf
 	openssl ciphers \-v <cipher-suite-spec>
 .fi
 
-To obtain the list of ciphers in GNUtls use:
+With GNUtls the available specs can be found in the manual page of 
+.BR gnutls\-cli (1)
+(see the description of the 
+option
+.BR \-\-priority ).
+
+In older versions of GNUtls, where gnutls\-cli does not support the option
+\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:
 
 .nf
-	gnutls-cli \-l
+	gnutls\-cli \-l
 .fi
-
+.RE
 .TP
 .B TLSCACertificateFile <filename>
 Specifies the file that contains certificates for all of the Certificate
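Review bot: The added GNUtls example spells the directive `TLSCiphersuite` (lowercase "s"), while the `.B` heading and the OpenSSL example directly above use `TLSCipherSuite`; use the same spelling in both examples so that readers copy the documented form. In the same added text, "OpenSSL resp. GNUtls" reads better as "OpenSSL or GNUtls", since "resp." is not idiomatic English for a man page. The example spec `SECURE256:!AES-128-CBC` also differs from the string the report says was tested (`NORMAL:!AES-128-CBC`), so either document the tested string or confirm that the SECURE256 form parses on the same GnuTLS version. The file headers name openldap-2.1.21 although the message refers to 2.4.21; please confirm which tree the patch is meant to apply to.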
@@ -1904,6 +1919,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR ldap (3),
+.BR gnutls\-cli (1),
 .BR slapd\-config (5),
 .BR slapd.access (5),
 .BR slapd.backends (5),
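Review bot: The new `.BR gnutls\-cli (1),` entry is placed after `ldap (3)`, which puts a section 1 page behind a section 3 page; the visible SEE ALSO entries run in ascending section order, so it belongs before `ldap (3)`. Since the TLSCipherSuite text also tells readers to run `openssl ciphers`, consider adding the matching OpenSSL reference here as well, so that both TLS back ends are covered.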

