Bug#381788: [Pkg-openldap-devel] Bug#381788: slapd: TLS connections
fail when running as non-root
Matthijs Mohlmann
matthijs at cacholong.nl
Tue Aug 8 20:16:22 UTC 2006
On Mon, 07 Aug 2006 19:38:06 -0600
"Berg, Michael" <michaeljberg at gmail.com> wrote:
> >> And just for completeness, here are the contents of my ldap.conf file
> >> ==========
> >> BASE dc=mydomain,dc=dyndns,dc=org
> >> URI ldap://ldap.mydomain.dyndns.org
> >> TLS_CIPHER_SUITE HIGH:!ADH
> >> TLS_CACERT /etc/ssl/certs/mydomain.dyndns.org_CA.pem
> >> TLS_REQCERT demand
> >> TLS_CRLCHECK none
> >> ==========
> >>
> > This is the complete content of ldap.conf on the clients ?
>
> Those are the only uncommented lines in my ldap.conf files.
>
>
> >> I even tried purging slapd, reinstalling it, and re-populating it from scratch
> >> (I didn't just reload a DB backup).
> >>
> >> The fresh install worked fine as non-root until a reboot - at which point the
> >> problem described above returned and TLS connections fail.
> >>
> > That's strange.
>
> I thought so too.
>
>
> > Can you please send the output of: ldapsearch -x -ZZ -d 7
>
> Output is attached.
Thanks for the output, but I still don't see why it's failing. The only thing I see on the OpenLDAP mailinglist about this is when you connect on the SSL port and try to do starttls.
Can somebody with some more SSL knowledge comment here ?
Regards,
Matthijs Mohlmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20060808/95e2d4aa/signature-0001.pgp
More information about the Pkg-openldap-devel
mailing list