[Pkg-openldap-devel] Bug#462588: Bug#462588: Fails to start slapd ldaps:/// on upgrade
Steve Langasek
vorlon at debian.org
Sun Feb 3 19:43:54 UTC 2008
On Fri, Feb 01, 2008 at 02:05:58PM +0100, Niccolo Rigacci wrote:
> However this is strange because LDAP.CONF(5) states that
> TLS_REQCERT "allow" means:
> The server certificate is requested. If no certificate is
> provided, the session proceeds normally. If a bad certificate
> is provided, it will be ignored and the session proceeds normally.
> But the session does not proceed normally, even if I add
> a subjectAltName into the certificate.
What client are you using? If you use ldapsearch -ZZ, for instance, this
overrides the TLS_REQCERT value in /etc/ldap/ldap.conf.
Do you have a TLSVerifyClient value set in /etc/ldap/slapd.conf? There is a
bug in 2.4.7 that results in the server requiring client certificates by
default for all TLS/SSL connections.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org