[Bug 231321] [NEW] ldap over ssl fails
Launchpad Bug Tracker
231321@bugs.launchpad.net
Tue Jul 22 16:54:12 BST 2008
You have been subscribed to a public bug:
Binary package hint: ldap-utils
After converting Debian/etch systems to Ubuntu Hardy, ldapsearch will no
longer work unless I disable SSL or disable checking of the server
certificate:
--- cut ---
root@oncilla:~# cat /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=microcomaustralia,dc=com,dc=au
URI ldaps://scrooge.microcomaustralia.com.au
#TLS_CACERT /etc/ssl/certs/class3.pem
TLS_CACERT /etc/ssl/scrooge.pem
TLS_REQCERT demand
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
--- cut ---
root@oncilla:~# ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
However, the server is fine; it works with ldapsearch from Debian/etch, and openssl s_client on Ubuntu Hardy:
openssl s_client -verify 1 -CApath /etc/ssl/certs -connect scrooge.microcomaustralia.com.au:ldaps
openssl s_client -verify 1 -CAfile /etc/ssl/scrooge.pem -connect scrooge.microcomaustralia.com.au:ldaps
(both these work)
I also saw #217159, but this appears to be a client side issue, not a
server issue.
Brian May
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
--
ldap over ssl fails
https://bugs.launchpad.net/bugs/231321
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu.
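
An added example, not part of the original report or of OpenLDAP: a small Python check that parses an ldap.conf in the format shown in the report and flags settings that weaken server-certificate verification, such as the "disable checking of the server certificate" workaround the report mentions. The function names and the `never` variant are constructed for illustration, and treating a repeated keyword as overriding the earlier one is an assumption.

```python
import os

# TLS_REQCERT levels from ldap.conf(5); "never" and "allow" let a bad certificate through.
WEAK_REQCERT = {"never", "allow"}

def parse_ldap_conf(text):
    """Return {KEYWORD: value}; keywords are case-insensitive, '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Assumption: a repeated keyword overrides the earlier occurrence.
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text, file_exists=os.path.isfile):
    """Return a list of findings about server-certificate verification."""
    opts = parse_ldap_conf(text)
    findings = []
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the documented default
    if reqcert in WEAK_REQCERT:
        findings.append("TLS_REQCERT %s: server certificate is not enforced" % reqcert)
    for uri in opts.get("URI", "").split():
        if not uri.lower().startswith(("ldaps://", "ldapi://")):
            findings.append("URI %s: not ldaps://" % uri)
    ca = opts.get("TLS_CACERT")
    if ca is None and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set in this file")
    elif ca is not None and not file_exists(ca):
        findings.append("TLS_CACERT %s: file not found" % ca)
    return findings

# The active lines of the reporter's configuration, copied from the message above.
REPORTED = """\
BASE dc=microcomaustralia,dc=com,dc=au
URI ldaps://scrooge.microcomaustralia.com.au
#TLS_CACERT /etc/ssl/certs/class3.pem
TLS_CACERT /etc/ssl/scrooge.pem
TLS_REQCERT demand
"""
# Constructed variant: the same file with certificate checking disabled.
WORKAROUND = REPORTED.replace("TLS_REQCERT demand", "TLS_REQCERT never")

if __name__ == "__main__":
    for name, conf in (("reported", REPORTED), ("workaround", WORKAROUND)):
        # file_exists is stubbed so the output does not depend on the local filesystem.
        print(name, audit(conf, file_exists=lambda path: True))
```

The reported configuration produces no findings, which matches the report: the file itself asks for full verification, so the failure lies elsewhere on the client side.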