Public bug reported:

Binary package hint: ldap-utils

I have set up an OpenLDAP server with TLS support using the guide at https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html. When I tried to do an ldapsearch over ldaps:// or using start-tls (-Z) it would refuse and give the error message TLS: peer cert untrusted or revoked (0x42).

That message is given because the CA certificate is not read and thus the server certificate cannot be verified. I made sure that TLS_CACERT was specified correctly in /etc/ldap/ldap.conf, but that made no difference. According to strace the CA certificate file was not even read. It did however try to read ~/.ldapcert.pem, and when I copied the CA certificate file to that path, it worked.

It seems that the ldap-utilities ignore part of ldap.conf.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: ldap-utils 2.4.21-0ubuntu5.3
ProcVersionSignature: Ubuntu 2.6.32-24.39-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Mon Aug 16 17:05:10 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_DK.utf8
 SHELL=/bin/bash
SourcePackage: openldap

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug lucid

--
ldapsearch ignores TLS_CACERT from /etc/ldap/ldap.conf but gladly reads ~/.ldapcert.pem
https://bugs.launchpad.net/bugs/618715
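A triage aid for reports like this one, added here and not part of the original bug report: the script below resolves which source supplies TLS_CACERT to the OpenLDAP client tools, following the lookup order documented in ldap.conf(5) (later sources override earlier ones). The function names are hypothetical, and the default system path is the /etc/ldap/ldap.conf named in the report.

```shell
#!/bin/sh
# Added diagnostic example; not code from the bug report or from OpenLDAP.
# Prints "<source><TAB><value>" for the TLS_CACERT setting that takes effect.

# last_cacert FILE: print the last TLS_CACERT value in FILE, if any.
# Option names in ldap.conf are case-insensitive; comment lines never match.
last_cacert() {
    [ -r "$1" ] || return 0
    awk 'tolower($1) == "tls_cacert" { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
         END { if (v != "") print v }' "$1"
}

# effective_tls_cacert [SYSTEM_CONF]
effective_tls_cacert() {
    sysconf=${1:-/etc/ldap/ldap.conf}
    # If LDAPNOINIT is set at all, no files or LDAP* variables are consulted.
    [ -z "${LDAPNOINIT+x}" ] || { printf 'none\t\n'; return 0; }
    src=none
    val=
    # Files in the order they are read; a later file overrides an earlier one.
    set -- "$sysconf" "$HOME/ldaprc" "$HOME/.ldaprc" "./ldaprc"
    [ -z "${LDAPCONF:-}" ] || set -- "$@" "$LDAPCONF"
    [ -z "${LDAPRC:-}" ] || set -- "$@" "$HOME/$LDAPRC" "$HOME/.$LDAPRC" "./$LDAPRC"
    for f in "$@"; do
        v=$(last_cacert "$f")
        [ -z "$v" ] || { src=$f; val=$v; }
    done
    # The environment variable is applied last and overrides every file.
    [ -z "${LDAPTLS_CACERT:-}" ] || { src='env LDAPTLS_CACERT'; val=$LDAPTLS_CACERT; }
    printf '%s\t%s\n' "$src" "$val"
}

# Report the result for the current user, directory and environment.
effective_tls_cacert "$@"
```

Run it as the same user and from the same working directory as the failing ldapsearch, then compare the reported path with the files strace shows being opened.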
