You have been subscribed to a public bug:
Binary package hint: ldap-utils
After converting Debian/etch systems to Ubuntu Hardy, ldap-serch will no
longer work unless I disable SSL or disable checking of the server
certificate:
--- cut ---
[EMAIL PROTECTED]:~# cat /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=microcomaustralia,dc=com,dc=au
URI ldaps://scrooge.microcomaustralia.com.au
#TLS_CACERT /etc/ssl/certs/class3.pem
TLS_CACERT /etc/ssl/scrooge.pem
TLS_REQCERT demand
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
--- cut ---
[EMAIL PROTECTED]:~# ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
However the server is fine, it works with ldapsearch from Debian/etch, and
openssl s_client on Ubuntu Hardy:
openssl s_client -verify 1 -CApath /etc/ssl/certs -connect
scrooge.microcomaustralia.com.au:ldaps
openssl s_client -verify 1 -CAfile /etc/ssl/scrooge.pem -connect
scrooge.microcomaustralia.com.au:ldaps
(both these work)
I also saw #217159, but this appears to be a client side issue, not a
server issue.
Brian May
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
--
ldap over ssl fails
https://bugs.launchpad.net/bugs/231321
You received this bug notification because you are a member of Ubuntu Server
Team, which is subscribed to openldap in ubuntu.
--
Ubuntu-server-bugs mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
