[Pkg-openldap-devel] Bug#641720: ldap-utils: OpenLDAP does not work with SSL/TLS encryption -- due to linking against gnutls
Michael Schindler
m-schindler at users.sourceforge.net
Thu Sep 15 12:26:51 UTC 2011
Package: ldap-utils
Version: 2.4.23-7.2
Severity: grave
Justification: renders package unusable
I tried to use OpenLDAP as a client with a server that uses SSL/TLS
encryption. The connection never worked; it terminated with the error message

    TLS: peer cert untrusted or revoked (0x102)
    TLS: can't connect: (unknown error code).
    ldap_err2string
    ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

The certificate of the server has probably been generated using openssl, so I
recompiled the entire OpenLDAP package with the configure option

    --with-tls=openssl

(instead of gnutls). This made it work immediately. It is known that gnutls is
badly written anyway

    http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

so please switch to openssl instead of gnutls.

-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ldap-utils depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries
ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra
Versions of packages ldap-utils recommends:
ii libsasl2-modules 2.1.23.dfsg1-7 Cyrus SASL - pluggable authenticat
ldap-utils suggests no packages.
-- no debconf information