Bug#381788: [Pkg-openldap-devel] Bug#381788: slapd: TLS connections fail when running as non-root

Quanah Gibson-Mount quanah at stanford.edu
Tue Aug 8 20:24:21 UTC 2006



--On Tuesday, August 08, 2006 10:16 PM +0200 Matthijs Mohlmann 
<matthijs at cacholong.nl> wrote:

> On Mon, 07 Aug 2006 19:38:06 -0600
> "Berg, Michael" <michaeljberg at gmail.com> wrote:
>
>> >> And just for completeness, here are the contents of my ldap.conf file
>> >> ==========
>> >> BASE	dc=mydomain,dc=dyndns,dc=org
>> >> URI	ldap://ldap.mydomain.dyndns.org
>> >> TLS_CIPHER_SUITE	HIGH:!ADH
>> >> TLS_CACERT		/etc/ssl/certs/mydomain.dyndns.org_CA.pem
>> >> TLS_REQCERT		demand
>> >> TLS_CRLCHECK		none
>> >> ==========
>> >>
>> > This is the complete content of ldap.conf on the clients?
>>
>> Those are the only uncommented lines in my ldap.conf files.
>>
>>
>> >> I even tried purging slapd, reinstalling it, and re-populating it
>> >> from scratch (I didn't just reload a DB backup).
>> >>
>> >> The fresh install worked fine as non-root until a reboot - at which
>> >> point the problem described above returned and TLS connections fail.
>> >>
>> > That's strange.
>>
>> I thought so too.
>>
>>
>> > Can you please send the output of: ldapsearch -x -ZZ -d 7
>>
>> Output is attached.
>
> Thanks for the output, but I still don't see why it's failing. The only
> thing I see on the OpenLDAP mailing list about this is when you connect on
> the SSL port and try to do starttls.
>
> Can somebody with some more SSL knowledge comment here?

I discussed this bug with Howard Chu (main OpenLDAP developer).  He says, 
"System error".  I.e., this is not a bug in OpenLDAP, but a problem with 
the system involved.  Particularly evidenced by it working until the system 
got rebooted.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
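The thread ends without naming the system-level cause. One check worth running whenever a daemon works as root but fails once it has dropped to an unprivileged account is whether that account can actually read the files named by the TLS directives in its configuration. The script below is an added example, not code from the thread or from the OpenLDAP project: it parses an ldap.conf-style file for the file-naming TLS directives, evaluates the POSIX mode bits against a given uid and set of gids, and reports which referenced files a non-root service account could not open. The config text, file names and the service uid/gid in `demo()` are constructed for the example; whether file permissions are what broke the reporter's system is an assumption, not something the thread confirms.

```python
"""Report TLS files from an ldap.conf-style config that an unprivileged
service account cannot read (mode-bit check only; ACLs and capabilities
are ignored, and root is always treated as able to read)."""
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Directives whose value is a file (or directory) the TLS layer must open.
TLS_FILE_DIRECTIVES = ("TLS_CACERT", "TLS_CACERTDIR", "TLS_CERT", "TLS_KEY")


def parse_ldap_conf(text):
    """Return {DIRECTIVE: value} for the uncommented, non-empty lines.
    ldap.conf separates directive and value by whitespace (tabs or spaces)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].upper()] = parts[1].strip()
    return conf


def can_read(st, uid, gids):
    """Would a process with this uid and these gids pass the mode-bit check
    for reading the object described by `st`? Root (uid 0) always can."""
    if uid == 0:
        return True
    mode = st.st_mode
    if st.st_uid == uid:
        return bool(mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def check_tls_files(conf, uid, gids):
    """Return {directive: (path, readable)} for each TLS file directive
    present in `conf`; `readable` is None when the path does not exist.
    Only the object's own mode bits are checked, not its parent directories."""
    results = {}
    for directive in TLS_FILE_DIRECTIVES:
        path = conf.get(directive)
        if path is None:
            continue
        try:
            st = os.stat(path)
        except FileNotFoundError:
            results[directive] = (path, None)
            continue
        results[directive] = (path, can_read(st, uid, gids))
    return results


def demo():
    """Constructed scenario: a world-readable CA certificate next to a
    private key readable only by its owner, checked for a hypothetical
    service account that is neither the owner nor in the owning group."""
    tmp = Path(tempfile.mkdtemp())
    try:
        ca = tmp / "ca.pem"
        key = tmp / "key.pem"
        ca.write_text("-----BEGIN CERTIFICATE-----\n(constructed)\n")
        key.write_text("-----BEGIN PRIVATE KEY-----\n(constructed)\n")
        os.chmod(ca, 0o644)   # typical CA cert permissions
        os.chmod(key, 0o600)  # owner-only key, unreadable after privilege drop
        conf_text = f"""
# constructed ldap.conf in the style of the one quoted in the thread
BASE\tdc=example,dc=test
URI\tldap://ldap.example.test
TLS_CACERT\t{ca}
TLS_KEY\t{key}
TLS_REQCERT\tdemand
"""
        conf = parse_ldap_conf(conf_text)
        # Hypothetical unprivileged account: guaranteed not to be the file
        # owner (the current uid) or in the owning group (the current gid).
        service_uid = os.getuid() + 1
        service_gids = {os.getgid() + 1}
        return check_tls_files(conf, service_uid, service_gids)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for directive, (path, readable) in demo().items():
        state = "missing" if readable is None else ("ok" if readable else "UNREADABLE")
        print(f"{directive:<14} {path}: {state}")
```

On a real host the same check would be run with the uid and groups of the account slapd drops to, and any path reported as UNREADABLE or missing is the first thing to reconcile against the config; the parent directories along each path also need the search bit for that account, which this example leaves out.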