[Pkg-openldap-devel] Bug#478883: ldap-utils: tls failing when connecting to slapd on etch server

Steve Langasek vorlon at debian.org
Sat Jul 12 07:31:07 UTC 2008


tags 478883 moreinfo
thanks

On Thu, May 01, 2008 at 04:52:57PM +0100, Thorben Jändling wrote:
> This may be an issue with libldap, or possibly libgnutls (which I doubt; see
> tests below).

> I can't get an ldaps connection to slapd running on our Etch servers.
> The ldaps connections from other etch servers are fine, but for my lenny
> desktop I get:

> Server syslog:

> .... conn=400 fd=26 ACCEPT from IP=10.10.25.223:34424 (IP=0.0.0.0:636)
> .... conn=400 fd=26 closed (TLS negotiation failure)

IIRC, this indicates a server-side rejection of the TLS setup.  Can we see
your slapd.conf on the server side?  Also, is this still an issue with the
current 2.4.9-1 version of the package in lenny?

If the problem is still present and there's nothing indicative in the
slapd.conf, I would want to see the full, unedited debugging output from
gnutls-cli.

FWIW, I've just set up a test server using the etch version of slapd, and I
can connect to it over TLS just fine from a sid client; so more information
is definitely needed here to be able to reproduce this problem.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
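
Added example, not part of the original message or of the OpenLDAP packaging: a small script that pairs slapd's ACCEPT lines with the matching "closed (TLS negotiation failure)" lines by conn id, to show which client addresses the server is rejecting during TLS setup and on which listener port. The sample log is constructed in the format quoted above; its timestamps, hostname, pid and second client address are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the report
# (timestamps, hostname, pid and the 10.10.25.10 client are made up).
SAMPLE_LOG = """\
Jul 12 07:00:01 ldap1 slapd[2211]: conn=400 fd=26 ACCEPT from IP=10.10.25.223:34424 (IP=0.0.0.0:636)
Jul 12 07:00:01 ldap1 slapd[2211]: conn=400 fd=26 closed (TLS negotiation failure)
Jul 12 07:00:05 ldap1 slapd[2211]: conn=401 fd=27 ACCEPT from IP=10.10.25.10:51000 (IP=0.0.0.0:636)
Jul 12 07:00:05 ldap1 slapd[2211]: conn=401 fd=27 closed
Jul 12 07:00:09 ldap1 slapd[2211]: conn=402 fd=26 ACCEPT from IP=10.10.25.223:34431 (IP=0.0.0.0:636)
Jul 12 07:00:09 ldap1 slapd[2211]: conn=402 fd=26 closed (TLS negotiation failure)
"""

# Groups: conn id, client address, client port, listener port.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):(\d+) \(IP=\S+:(\d+)\)")
# Groups: conn id, optional close reason in parentheses.
CLOSE_RE = re.compile(r"conn=(\d+) fd=\d+ closed(?: \((.*)\))?")


def tls_failures(log_text):
    """Return (conn id, client address, listener port) for every
    connection that slapd closed with a TLS negotiation failure."""
    accepted = {}  # conn id -> (client address, listener port)
    failures = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            accepted[m.group(1)] = (m.group(2), int(m.group(4)))
            continue
        m = CLOSE_RE.search(line)
        if m:
            # Drop the entry on any close so a reused conn id after a
            # slapd restart is not matched to a stale ACCEPT line.
            client, port = accepted.pop(m.group(1), ("unknown", None))
            if m.group(2) == "TLS negotiation failure":
                failures.append((int(m.group(1)), client, port))
    return failures


def failures_by_client(log_text):
    """Count TLS negotiation failures per client address."""
    return Counter(client for _, client, _ in tls_failures(log_text))


if __name__ == "__main__":
    for conn, client, port in tls_failures(SAMPLE_LOG):
        print(f"conn={conn} client={client} listener_port={port}")
```

If only some clients appear in the output, the difference is more likely in what those clients offer during the handshake than in the server configuration as a whole.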




