Bug#411042: Info received (Bug#411042: [Pkg-samba-maint] Bug#411042:
samba -dosen't connect to OpenLDAP)
Mgr. Peter Tuharsky
tuharsky at misbb.sk
Mon Mar 5 13:57:49 CET 2007
> What is the cn in the SSL certificate being used by the LDAP server? It
> seems odd that this would work at all with start tls, unless your SSL
> certificate was set up oddly.
This is the beginning of the /etc/ldap/slapd-cert-ldap1.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=SK, ST=Slovakia, L=Banska Bystrica, O=Mesto,
OU=Referat informatiky, CN=ldap2.misbb.sk/emailAddress=hlavaty at misbb.sk
Validity
Not Before: May 2 14:13:55 2004 GMT
Not After : May 2 14:13:55 2005 GMT
Subject: C=SK, ST=Slovakia, L=Banska Bystrica, O=Mesto,
OU=Referat informatiky, CN=ldap1.misbb.sk/emailAddress=hlavaty at misbb.sk
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
It seems, that certificate is expired already. However, there are some
questionable circumstances:
1, it has been working alright before, few weeks ago, on Sarge
2, it works even now for samba if localhost is specified (as mentioned
before).
3, linux clients with LDAP authentication don't comply
4, AFAIK, samba on client dosen't comply (need to prove)
5, eGroupWare webserver with LDAP user authentication dosen't comply
6, if the date of certificate was the right problem here, one would
assume that someone would complain loudly with "certificate out of date"
and end up regulary
> Hrm, odd. Are there any previous errors, possibly at a higher debug
> level? If this is on the LDAP socket, it suggests some pretty big
> brokenness.
>
Please, suggest the right debug level that I should use.
Peter
More information about the Pkg-samba-maint
mailing list