(Repost. Looks like murphy.debian.org gave me a 550 because of Jarle's
name. I can't see why Norwegian names should give an error. My headers look
quite right otherwise:

  Content-Type: text/plain; charset=iso-8859-1
  Content-Transfer-Encoding: 8bit

But hey, I'm no mail guru. ;)

[ Jarle Osmund Vågen ]

> Hi!
>
> I think some on this list are working with TLS/SSL with slapd 2.1.26-1 (sid).
>
> If so, you should notice this bug report:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=234593

Not enough information. Is the upgrade from 2.0.X to 2.1.26? Is the
CA-cert self-signed (or made with a self-made CA)? If so, you'll have to put

  TLS_CACERT /path/to/your/cacert.pem

in the ldap.conf your libraries[*] use.

OpenLDAP 2.1 cleans up some of the misfeatures in 2.0. Certificate handling
is one of them (in 2.0 you didn't need the CA-cert in your ldap.conf. The
server would pretty much let you in anyway, AFAIR). 2.1 has a stricter
policy.

I guess this may be unrelated to this bug report[**], but it is worth
mentioning. The bug report doesn't supply enough info, as I said.

Side note: How goes the work of replacing openssl with gnutls?

[*] /etc/ldap.conf is only used when OpenLDAP is configured with this path.
Some variables are for applications. Others are read by libldap when no
others are supplied, and there are some which are for libldap only. E.g.
host/uri is read when ldapsearch doesn't get a -h or -H.

[**] With no CA-cert in ldap.conf you'll get something like this:

  [EMAIL PROTECTED]:~/$ ldapsearch -x -h ldap.uio.no -ZZ
  ldap_start_tls: Connect error (91)
          additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

ldaps on the other hand:

  [EMAIL PROTECTED]:~/Download$ ldapsearch -x -H ldaps://ldap.uio.no
  ldap_bind: Can't contact LDAP server (81)
          additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

-- 
Mathias Meisfjordskar
GNU/Linux addict.
"If it works; HIT IT AGAIN!"
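
Added example, not part of the original mail: a small shell check for the situation described above, where "certificate verify failed" comes from an ldap.conf that gives libldap no CA certificate. The function names and status words are constructed for this example; TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT are ldap.conf options, and using the last occurrence of an option is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the original mail): report whether an ldap.conf
# gives libldap a CA to verify the server certificate against.
# Status words are constructed for this example.

# Print the value of an option; names are matched case-insensitively and the
# last occurrence in the file is used (assumption of this example).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$1"
}

check_ldap_tls_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "conf-not-readable"; return 2; }
    cacert=$(conf_value "$conf" TLS_CACERT)
    cadir=$(conf_value "$conf" TLS_CACERTDIR)
    reqcert=$(conf_value "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')

    # "never" and "allow" let the session continue with an unverified
    # certificate, which hides the error instead of fixing the trust chain.
    case $reqcert in
        never|allow) echo "verify-not-enforced"; return 1 ;;
    esac
    if [ -z "$cacert" ] && [ -z "$cadir" ]; then
        echo "no-ca-configured"; return 1   # the case the mail describes
    fi
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "ca-not-readable"; return 1
    fi
    if [ -n "$cadir" ] && [ ! -d "$cadir" ]; then
        echo "ca-not-readable"; return 1
    fi
    echo "ok"
}

# Usage: sh check_ldap_tls.sh /path/to/ldap.conf
if [ "$#" -gt 0 ]; then
    check_ldap_tls_conf "$1"
fi
```

The check looks at one file only; libldap can also take these settings from a per-user ldaprc file or LDAPTLS_* environment variables, so run it against the file your client actually reads.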

