Public bug reported:

Binary package hint: libldap-2.4-2
Trying to run a slapd server in Ubuntu 9.04, generally following the docs at:
https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html

It works fine until I try and use certificates as per the section "TLS and SSL" on that page. Then, if I try and start it using /etc/init.d/slapd, it tells me to start it using the debugging flags. If I then do so with the command:

  sudo slapd -d -1 -h 'ldap:/// ldapi:/// ldaps:///' -g openldap -u openldap -F /etc/ldap/slapd.d/

at the end of copious output is:

  main: TLS init def ctx failed: -1
  slapd destroy: freeing system resources.
  slapd stopped.

This is with entries in /etc/ldap/slapd.d/cn=config.ldif like:

  olcTLSCACertificateFile: /home/peter/CA/server-ca-cert.pem
  olcTLSCertificateFile: /home/peter/CA/server-gnutls-cert.pem
  olcTLSCertificateKeyFile: /home/peter/CA/server-gnutls-key.pem

If these entries are commented out, the server will start and work. This occurs with a private key and certificate generated using both openssl and the gnutls certtool.
Dependencies for slapd are:

  ldd -v $(which slapd)
    linux-gate.so.1 => (0xb7de2000)
    libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7d97000)
    liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7d89000)
    libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7c34000)
    libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7bcd000)
    libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7bb4000)
    libslp.so.1 => /usr/lib/libslp.so.1 (0xb7ba4000)
    libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7b8b000)
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7b73000)
    libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7ad5000)
    libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7ac3000)
    libz.so.1 => /lib/libz.so.1 (0xb7aad000)
    libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7a44000)
    libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7a12000)
    libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb79fb000)
    libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb79f2000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb79ee000)
    libwrap.so.0 => /lib/libwrap.so.0 (0xb79e5000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7882000)
    /lib/ld-linux.so.2 (0xb7de3000)
    libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb787e000)

Related packages installed:

  gnutls-bin        2.4.2-6ubuntu0.1   gnutls26   install ok installed
  gnutls-doc        2.4.2-6ubuntu0.1   gnutls26   install ok installed
  ldap-utils        2.4.15-1ubuntu3    openldap   install ok installed
  libcurl3-gnutls   7.18.2-8ubuntu4.1  curl       install ok installed
  libgnutls26       2.4.2-6ubuntu0.1   gnutls26   install ok installed
  libldap-2.4-2     2.4.15-1ubuntu3    openldap   install ok installed
  slapd             2.4.15-1ubuntu3    openldap   install ok installed

It doesn't seem like this could be a problem with V1 certificates, since both the CA cert and the server cert have "X.509 Certificate Information: Version: 3" (cf. https://bugs.launchpad.net/bugs/305264). Additionally they have "Signature Algorithm: RSA-SHA". I wonder if it is related to a cipher suite specification, given http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256.
Though I tried setting 'olcTLSCipherSuite: +AES-256-CBC:+SHA1' in the cn=config.ldif file, to no avail. I don't know how to get the more detailed information from TLS; I only see the 'main: TLS init def ctx failed: -1' line. Is this another issue with the gnutls specifications? Or just something missing in the docs there for jaunty? Strikes me as a fairly important issue for ubuntu server.

Peter

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: ldap tls

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277