[Pkg-openldap-devel] Bug#784179: slapd: libnet-ldap-perl fails to communicate with slapd using start_tls for TLSCipherSuite SECURE256
Christian Ospelkaus
cospelka at afs2.iqo.uni-hannover.de
Sun May 3 21:39:05 UTC 2015
Package: slapd
Version: 2.4.40+dfsg-1
Severity: normal
Dear Maintainer,
The perl module Net::LDAP in jessie fails to talk to an slapd on jessie using
start_tls. Net::LDAP in jessie can, however, talk to an slapd running on
wheezy. The reason is probably that Net::LDAP ends up relying on OpenSSL, while
slapd is built using gnutls. Since it used to work under wheezy, I assume there
is some change in gnutls or slapd that prevents it from working now. What
CipherSuite should I be using? Thanks,
Christian
Sample code:
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Connect in the clear on the standard LDAP port.
my $ldap = Net::LDAP->new('my_ldap_server', port => 389) or die "$@";
my $mesg = $ldap->bind;    # an anonymous bind
# Upgrade the connection with StartTLS; certificate verification is disabled.
$mesg = $ldap->start_tls(verify => 'none');
if ($mesg->is_error()) {
    die "The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure).\n";
}
$mesg = $ldap->unbind;
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages slapd depends on:
ii adduser 3.113+nmu3
ii coreutils 8.23-4
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18
ii libdb5.3 5.3.28-9
ii libgnutls-deb0-28 3.3.8-6
ii libldap-2.4-2 2.4.40+dfsg-1
ii libltdl7 2.4.2-1.11
ii libodbc1 2.3.1-3
ii libperl5.20 5.20.2-3
ii libsasl2-2 2.1.26.dfsg1-13
ii libslp1 1.2.1-10
ii libwrap0 7.6.q-25
ii lsb-base 4.1+Debian13+nmu1
ii multiarch-support 2.19-18
ii perl [libmime-base64-perl] 5.20.2-3
ii psmisc 22.21-2
Versions of packages slapd recommends:
ii libsasl2-modules 2.1.26.dfsg1-13
Versions of packages slapd suggests:
ii ldap-utils 2.4.40+dfsg-1
ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-13
-- Configuration Files:
/etc/default/slapd changed [not included]
-- debconf information:
slapd/allow_ldap_v2: false
slapd/invalid_config: true
slapd/dump_database: when needed
slapd/move_old_database: true
shared/organization: iqo.uni-hannover.de
slapd/password_mismatch:
slapd/domain: iqo.uni-hannover.de
slapd/upgrade_slapcat_failure:
slapd/dump_database_destdir: /var/backups/slapd-VERSION
slapd/unsafe_selfwrite_acl:
slapd/backend: HDB
* slapd/no_configuration: true
slapd/purge_database: false
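
The sample script in the report discards the error text that start_tls returns. The following diagnostic variant is an added example, not part of the original report or of the Debian package: it retries StartTLS with different client-side settings and prints the result code, the error string and the negotiated cipher. The host name is the report's placeholder, the attempt list is constructed, and it is an assumption that the installed Net::LDAP / IO::Socket::SSL accepts the 'tlsv1_2' value for sslversion.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Placeholder host taken from the report; replace with the server under test.
my $host = 'my_ldap_server';

# Constructed list of client-side settings to try. A missing key means
# "use the module default". 'tlsv1_2' is assumed to be accepted by the
# installed Net::LDAP / IO::Socket::SSL; 'AES256' is an OpenSSL cipher string.
my @attempts = (
    { label => 'module defaults' },
    { label => 'TLS 1.2',          sslversion => 'tlsv1_2' },
    { label => 'TLS 1.2, AES256',  sslversion => 'tlsv1_2', ciphers => 'AES256' },
);

for my $try (@attempts) {
    # Use a fresh connection per attempt so one failed handshake
    # cannot affect the next result.
    my $ldap = Net::LDAP->new($host, port => 389);
    unless ($ldap) {
        warn "$try->{label}: connect failed: $@\n";
        next;
    }

    # verify => 'none' as in the report's script, so that certificate
    # problems do not mask protocol or cipher negotiation failures.
    my %opts = (verify => 'none');
    for my $key (qw(sslversion ciphers)) {
        $opts{$key} = $try->{$key} if defined $try->{$key};
    }

    my $mesg = $ldap->start_tls(%opts);
    if ($mesg->is_error) {
        # code and error carry the reason the report's script throws away.
        printf "%-16s FAILED code=%d: %s\n",
            $try->{label}, $mesg->code, $mesg->error;
    }
    else {
        # cipher() returns the negotiated cipher in OpenSSL notation.
        printf "%-16s ok, cipher: %s\n", $try->{label}, $ldap->cipher;
    }

    eval { $ldap->disconnect };    # the socket may already be closed
}
```

Comparing which attempts succeed against the server's TLSCipherSuite setting shows whether the mismatch is in the protocol version or in the cipher list offered by the client.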