Bug#411042: Info received (Bug#411042: [Pkg-samba-maint] Bug#411042: samba -dosen't connect to OpenLDAP)

Mgr. Peter Tuharsky tuharsky at misbb.sk
Mon Mar 5 13:57:49 CET 2007


> What is the cn in the SSL certificate being used by the LDAP server?  It
> seems odd that this would work at all with start tls, unless your SSL
> certificate was set up oddly.

This is the beginning of the /etc/ldap/slapd-cert-ldap1.pem

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 2 (0x2)
         Signature Algorithm: md5WithRSAEncryption
         Issuer: C=SK, ST=Slovakia, L=Banska Bystrica, O=Mesto, OU=Referat informatiky, CN=ldap2.misbb.sk/emailAddress=hlavaty at misbb.sk
         Validity
             Not Before: May  2 14:13:55 2004 GMT
             Not After : May  2 14:13:55 2005 GMT
         Subject: C=SK, ST=Slovakia, L=Banska Bystrica, O=Mesto, OU=Referat informatiky, CN=ldap1.misbb.sk/emailAddress=hlavaty at misbb.sk
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (1024 bit)
                 Modulus (1024 bit):



It seems that the certificate is expired already. However, there are some 
questionable circumstances:
1, it was working all right before, a few weeks ago, on Sarge
2, it works even now for samba if localhost is specified (as mentioned 
before).
3, linux clients with LDAP authentication don't comply
4, AFAIK, samba on the client doesn't comply (need to prove)
5, eGroupWare webserver with LDAP user authentication doesn't comply
6, if the date of the certificate was the right problem here, one would 
assume that someone would complain loudly with "certificate out of date" 
and end up regularly


> Hrm, odd.  Are there any previous errors, possibly at a higher debug
> level?  If this is on the LDAP socket, it suggests some pretty big
> brokenness.
> 

Please, suggest the right debug level that I should use.


Peter
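
An added example, not part of the original message or of the Samba/OpenLDAP packages: a Python check that parses the `openssl x509 -text` fields quoted above and lists what a strictly verifying LDAP client could object to (validity window, subject CN versus the name used to connect, MD5 signature, 1024-bit key). The function names, the `localhost` comparison and the 2048-bit threshold are assumptions of this example, and the name check looks at the subject CN only.

```python
import re
from datetime import datetime, timezone

# Constructed sample: fields from the certificate dump quoted in the message,
# Subject shortened to one line and the Issuer line omitted.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: May  2 14:13:55 2004 GMT
            Not After : May  2 14:13:55 2005 GMT
        Subject: C=SK, O=Mesto, CN=ldap1.misbb.sk/emailAddress=hlavaty at misbb.sk
        Subject Public Key Info:
            RSA Public Key: (1024 bit)
"""

def field(text, label):
    """Return the value of the first 'label: value' line, or None."""
    m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None

def when(stamp):
    """Parse OpenSSL's 'May  2 14:13:55 2005 GMT' timestamps as UTC."""
    clean = " ".join(stamp.split())
    return datetime.strptime(clean, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def audit(text, host, now):
    """List (code, detail) findings for a certificate dump (hypothetical helper)."""
    findings = []
    start, end = when(field(text, "Not Before")), when(field(text, "Not After"))
    if now < start or now > end:
        findings.append(("outside-validity", f"valid {start:%Y-%m-%d} to {end:%Y-%m-%d}"))
    cn = re.search(r"CN\s*=\s*([^,/]+)", field(text, "Subject") or "")
    # Simplification: exact CN match only; no wildcards, no subjectAltName.
    if not cn or cn.group(1).strip().lower() != host.lower():
        findings.append(("name-mismatch", f"CN {cn.group(1) if cn else None} vs {host}"))
    sig = field(text, "Signature Algorithm") or ""
    if re.search(r"md5|sha1", sig, re.I):
        findings.append(("weak-signature", sig))
    bits = re.search(r"Public Key: \((\d+) bit\)", text)
    if bits and int(bits.group(1)) < 2048:  # threshold is this example's assumption
        findings.append(("weak-key", f"RSA {bits.group(1)} bit"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE, "localhost", datetime(2007, 3, 5, tzinfo=timezone.utc)):
        print(code, detail)
```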
