Bug#568522: Valid client certificates fail with GNUTLS slapd

2010-04-28 Thread Timothy Allen

Hi

Apologies for the late reply; I don't seem to have received Sunday or 
Monday's emails.


Initial testing with the new version indicates the problem does seem to 
have been resolved.


Many thanks,

tim



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#568522: Valid client certificates fail with GNUTLS slapd

2010-04-25 Thread Matthijs Möhlmann

Hi Timothy,

Now that OpenLDAP 2.4.21 has entered unstable, can you confirm this bug
still exists?

Regards,

Matthijs Mohlmann






Bug#568522: Valid client certificates fail with GNUTLS slapd

2010-02-05 Thread Timothy Allen
Package: slapd
Version: 2.4.11-1+lenny1
Severity: important

I am in the process of replacing expiring client certificates for use with
SASL/EXTERNAL. Unfortunately every certificate I have generated (including
commercial certificates) has failed when connecting to the slapd server,
with the following error:

SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

(The server gives an unable to get TLS client DN error.)

When building OpenLDAP linked against OpenSSL, the problem disappears.

There is also no problem when using the certificates to make a connection 
between gnutls-cli and gnutls-serv. The certificates also work when used
as server certificates in GNUTLS-linked slapd. The only time the certificates
do not work is as client certificates connecting to a GNUTLS-linked slapd
server.


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser            3.110                   add and remove users and groups
ii  coreutils          6.10-6                  The GNU core utilities
ii  debconf [debconf-  1.5.24                  Debian configuration management sy
ii  libc6              2.7-18lenny2            GNU C Library: Shared libraries
ii  libdb4.2           4.2.52+dfsg-5           Berkeley v4.2 Database Libraries [
ii  libgnutls26        2.4.2-6+lenny2          the GNU TLS library - runtime libr
ii  libldap-2.4-2      2.4.11-1+lenny1         OpenLDAP libraries
ii  libltdl3           1.5.26-4+lenny1         A system independent dlopen wrappe
ii  libperl5.10        5.10.0-19lenny2         Shared Perl library
ii  libsasl2-2         2.1.22.dfsg1-23+lenny1  Cyrus SASL - authentication abstra
ii  libslp1            1.2.1-7.5               OpenSLP libraries
ii  libwrap0           7.6.q-16                Wietse Venema's TCP wrappers libra
ii  perl [libmime-bas  5.10.0-19lenny2         Larry Wall's Practical Extraction
ii  psmisc             22.6-1                  Utilities that use the proc filesy
ii  unixodbc           2.2.11-16               ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules  2.1.22.dfsg1-23+lenny1 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils   2.4.11-1+lenny1 OpenLDAP utilities

-- debconf information:
  slapd/password2: (password omitted)
  slapd/internal/adminpw: (password omitted)
  slapd/password1: (password omitted)
  slapd/allow_ldap_v2: false
  slapd/password_mismatch:
  slapd/tlsciphersuite:
  slapd/suffix_change: false
  slapd/invalid_config: true
  shared/organization: maths.ox.ac.uk
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/upgrade_slapcat_failure:
  slapd/slurpd_obsolete:
  slapd/purge_database: false
  slapd/domain: maths.ox.ac.uk
  slapd/backend: HDB
  slapd/no_configuration: false
  slapd/move_old_database: true
  slapd/dump_database: when needed






Bug#568522: Valid client certificates fail with GNUTLS slapd

2010-02-05 Thread Timothy Allen
Incidentally, I have reproduced the problem against the version of slapd 
in unstable.


This is how the client connection was invoked:

ldap3:~# cat .ldaprc
TLS_CACERT  /etc/ssl/certs/ca-certificates.crt
TLS_CERT    /root/ldap3.crt
TLS_KEY /root/ldap3.key
TLS_REQCERT demand

ldap3:~# ldapwhoami -ZZH ldap://ldap3.xxx/ -Y EXTERNAL
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)



