Public bug reported:
this morning our machines performed security updates. As a result of
this we lost /usr/bin/ruby (it was just non-existant)
This seems to be when ruby package is upgraded _before_ libruby1.9.1.
Reinstalling the ruby package fixed this.
dpkg.log follows (you can see my
awesome, many thanks Ryan, super quick!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1347954
Title:
build slapd-sha2 module for strong passwords
To manage notifications about
Public bug reported:
out of the box, the strongest password encryption supported is SSHA
(seeded SHA-1) which isn't really very good these days.
The best answer appears to be to compile up the contrib/slapd-sha2
module.
https://github.com/gcp/openldap/tree/master/contrib/slapd-
Public bug reported:
man mongod says:
See the /reference/configuration-options document for more
information about these options.
However such a document isn't installed, given that this is basic config
it should really be in the package (rather than having to search the
web).
Thanks,
FYI I just hit another issue where ldap wouldn't start with errors like this:
TLS init def ctx failed: -207
slapd stopped.
connections_destroy: nothing to destroy.'
This turned out to be due to a PKCS#8 key, using openssl rsa -in
old.key -text (and then cutting and pasting the PRIVATE RSA KEY
I _think_ that the problem was that the LDAP server certificate was just a
regular SSL certificate and it needed recreating as a server certificate
(build-key-server from easy-rsa tools):
nsCertType = server
extendedKeyUsage=serverAuth
keyUsage = digitalSignature,
FYI I've compiled up 2.4.16 (took 2.4.15 from debian and updated
source), added a patch from
http://209.85.229.132/search?q=cache:idWE3JHeQOUJ:www.openldap.org/its/index.cgi/Software%2520Bugs%3Fid%3D6053%3Bpage%3D1+main:+TLS+init+def+ctx+failed:+-50cd=1hl=enct=clnkgl=uklr=lang_en
(Subject: gnutls
http://www.openldap.org/its/index.cgi/Software
Bugs?id=6053;expression=gnutls is a better link to that patch
compiled with openssl rather than gnutls and it's happier..
Aha!!! Found it :-) openssl client then complained that the ceritficate
was not suitable for the purpose. In short, I had
FWIW I've got the same on a debian box I've just upgraded from etch to lenny:
slapd 2.4.11-1
libldap-2.4-2 2.4.11-1
libgnutls26 2.4.2-6+lenny1
certs are not blacklisted (checked ca and server), gnutls-serv works
fine.
tracign with openssl shows a very quick reply:
openssl s_client -connect
sure:
/etc/ldap/ldap.conf:
BASE dc=opsera,dc=com
URI ldap://foo.opsera.com
TLS_CACERT /etc/ssl/certs/ca.opsera.com.crt
TLS_REQCERT demand
TLS_CACERT file:
-BEGIN CERTIFICATE-
MIIEUTCCAzmgAwIBAgIJAI+dj7GhDEy1MA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNV
10 matches
Mail list logo
