* Stopping MySQL database server mysqld
[ OK ]
* Reloading AppArmor profiles ...
[ OK ]
* Starting MySQL database server mysqld
Unfortunately I've decommissioned the machine. However I do know that I
didn't manually specify any TLSCipherSuite directives in the slapd.conf.
The hardy slapd.conf man (5) file still references the TLSCipherSuite
format accepted by OpenSSL (e.g.: TLSCipherSuite HIGH:MEDIUM:+SSLv2),
which
As above:
client: ldapsearch -x -H ldaps://localhost:636 -D *** -w ***
server:
slap_listener(ldaps:///)
connection_get(13): got connid=1
connection_read(13): checking for input on id=1
connection_read(13): TLS accept failure error=-1 id=1, closing
connection_closing: readying conn=1 sd=13 for
Oh, and the gnutls-cli stuff:
I opened the listening server with:
gnutls-serv --x509cafile my_ca.cer --x509keyfile myclient.pem --x509certfile myclient.cer
It returns:
Set static Diffie Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
Echo Server ready. Listening to port
This is run with:
/usr/sbin/slapd -h ldaps:/// -g openldap -u openldap -f /etc/ldap/slapd.conf -d15
Connecting from either ldapsearch -x -H ldaps://... or gnutls-cli,
slapd returns:
slap_listener(ldaps:///)
daemon: listen=8, new connection on 13
daemon: added 13r (active) listener=(nil)
I am also having problems with Hardy slapd 2.4.9-0ubuntu0.8.04.2 and
TLS.
It seems OpenLDAP on Hardy is now compiled against GnuTLS, and not
OpenSSL as it was in old versions.
I've created x509 certificates and signed them against our company CA.
These work perfectly for Apache on Hardy (adding