[Bug 231321] [NEW] ldap over ssl fails

Launchpad Bug Tracker 231321 at bugs.launchpad.net
Tue Jul 22 16:54:12 BST 2008

You have been subscribed to a public bug:

Binary package hint: ldap-utils

After converting Debian/etch systems to Ubuntu Hardy, ldapsearch will no
longer work unless I disable SSL or disable checking of the server

--- cut ---
root@oncilla:~# cat /etc/ldap/ldap.conf
# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=microcomaustralia,dc=com,dc=au
URI     ldaps://scrooge.microcomaustralia.com.au
#TLS_CACERT /etc/ssl/certs/class3.pem
TLS_CACERT /etc/ssl/scrooge.pem

#DEREF		never
--- cut ---

root@oncilla:~# ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

However, the server is fine; it works with ldapsearch from Debian/etch, and with openssl s_client on Ubuntu Hardy:

openssl s_client -verify 1 -CApath /etc/ssl/certs -connect scrooge.microcomaustralia.com.au:ldaps
openssl s_client -verify 1 -CAfile /etc/ssl/scrooge.pem -connect scrooge.microcomaustralia.com.au:ldaps

(both these work)

I also saw #217159, but this appears to be a client side issue, not a
server issue.

Brian May

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu.
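
The comparison the report makes by hand (ldapsearch against openssl s_client with the same CA file) can be scripted so that both tools are checked against the settings actually active in ldap.conf. This is an added example, not part of the bug report or of OpenLDAP; the function names `ldapconf_get`, `ldaps_hostport` and `tls_check_plan` are hypothetical, the sample file is constructed from the config quoted above, and a single `ldaps://` URI is assumed.

```shell
#!/bin/sh
# Added example, not from the bug report. Reads an ldap.conf and prints the
# TLS settings the client will use, plus matching test commands.

# ldapconf_get FILE OPTION: value of an active (uncommented) option.
# Option names are case-insensitive per ldap.conf(5); if an option is
# repeated the last value is printed (assumption: later lines override).
ldapconf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        toupper($1) == toupper(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# ldaps_hostport URI: host:port for openssl s_client (ldaps default is 636).
ldaps_hostport() {
    hp=${1#ldaps://}; hp=${hp%%/*}
    case $hp in
        *:*) printf '%s\n' "$hp" ;;
        *)   printf '%s:636\n' "$hp" ;;
    esac
}

# tls_check_plan FILE: report effective settings and the commands to compare.
tls_check_plan() {
    uri=$(ldapconf_get "$1" URI)
    ca=$(ldapconf_get "$1" TLS_CACERT)
    req=$(ldapconf_get "$1" TLS_REQCERT)
    echo "URI=$uri"
    echo "TLS_CACERT=${ca:-unset}"
    echo "TLS_REQCERT=${req:-unset (default: demand)}"
    if [ -n "$ca" ] && [ ! -r "$ca" ]; then
        echo "WARN: CA file $ca is missing or unreadable for $(id -un)"
    fi
    echo "openssl s_client -verify 1 -CAfile $ca -connect $(ldaps_hostport "$uri")"
    echo "LDAPCONF=$1 ldapsearch -x -d 1 -s base -b ''"
}

# Constructed sample mirroring the ldap.conf quoted in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
BASE    dc=microcomaustralia,dc=com,dc=au
URI     ldaps://scrooge.microcomaustralia.com.au
#TLS_CACERT /etc/ssl/certs/class3.pem
TLS_CACERT /etc/ssl/scrooge.pem
EOF
tls_check_plan "$sample"
```

The script only prints the two commands; running them side by side shows whether the TLS failure is specific to the LDAP client library, with `-d 1` making ldapsearch log its connection and TLS setup.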