[Bug 618715] [NEW] ldapsearch ignores TLS_CACERT from /etc/ldap/ldap.conf but gladly reads ~/.ldapcert.pem
Anders Bruun Olsen
anders at bruun-olsen.net
Mon Aug 16 16:14:16 BST 2010
Public bug reported:
Binary package hint: ldap-utils
I have set up an OpenLDAP server with TLS support using the guide at
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html. When I
tried to do an ldapsearch over ldaps:// or using start-tls (-Z) it would
refuse and give the error message TLS: peer cert untrusted or revoked
(0x42). That message is given because the CA certificate is not read and
thus the server certificate can not be verified. I made sure that
TLS_CACERT was specified correctly in /etc/ldap/ldap.conf, but that made
no difference. According to strace the CA certificate file was not even
read. It did however try to read ~/.ldapcert.pem, and when I copied the
CA certificate file to that path, it worked. It seems that the
ldap-utilities ignore part of ldap.conf.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: ldap-utils 2.4.21-0ubuntu5.3
ProcVersionSignature: Ubuntu 2.6.32-24.39-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Mon Aug 16 17:05:10 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
ProcEnviron:
PATH=(custom, user)
LANG=en_DK.utf8
SHELL=/bin/bash
SourcePackage: openldap
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug lucid
--
ldapsearch ignores TLS_CACERT from /etc/ldap/ldap.conf but gladly reads ~/.ldapcert.pem
https://bugs.launchpad.net/bugs/618715
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
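
An added example, not part of the original report or of OpenLDAP: a shell helper that rules out the configuration side of this symptom by resolving which TLS_CACERT value a set of libldap client config files yields and checking that the named file is a readable PEM certificate. It assumes the precedence documented in ldap.conf(5) (later files override earlier ones, the LDAPTLS_CACERT environment variable overrides all files); the function names and the file list passed in are hypothetical, and it does not determine why the client skipped the system file.

```shell
#!/bin/sh
# Added example: config-side check for "TLS: peer cert untrusted" on LDAP clients.

# Print the value of the last TLS_CACERT line in an ldap.conf-style file.
# Keywords are matched case-insensitively; lines starting with '#' never match.
cacert_from_conf() {
    [ -r "$1" ] || return 1
    awk 'toupper($1) == "TLS_CACERT" && NF >= 2 {
             v = $0
             sub(/^[ \t]*[^ \t]+[ \t]+/, "", v)   # drop the keyword
             sub(/[ \t]+$/, "", v)                # drop trailing blanks
         }
         END { if (v == "") exit 1; print v }' "$1"
}

# Walk config files in the order given (later files override earlier ones),
# then let the LDAPTLS_CACERT environment variable override them all.
effective_cacert() {
    eff=""
    for f in "$@"; do
        v=$(cacert_from_conf "$f") && eff=$v
    done
    [ -n "${LDAPTLS_CACERT:-}" ] && eff=$LDAPTLS_CACERT
    [ -n "$eff" ] && printf '%s\n' "$eff"
}

# Return 0 only if the CA file is readable by the current user and
# contains at least one PEM certificate block.
check_ca_file() {
    [ -r "$1" ] || { echo "unreadable or missing: $1"; return 3; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" \
        || { echo "no PEM certificate in: $1"; return 4; }
    echo "ok: $1"
}

# Typical use (paths are the usual Ubuntu/OpenLDAP locations):
#   ca=$(effective_cacert /etc/ldap/ldap.conf "$HOME/ldaprc" "$HOME/.ldaprc" ./ldaprc) \
#       && check_ca_file "$ca"
```

If this reports a valid CA file and the client still rejects the server certificate, the strace check described in the report is the next step: it shows whether the client ever opens that path.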