--On Tuesday, August 08, 2006 10:16 PM +0200 Matthijs Mohlmann
<[EMAIL PROTECTED]> wrote:
On Mon, 07 Aug 2006 19:38:06 -0600
"Berg, Michael" <[EMAIL PROTECTED]> wrote:
>> And just for completeness, here are the contents of my ldap.conf file
>> ==========
>> BASE dc=mydomain,dc=dyndns,dc=org
>> URI ldap://ldap.mydomain.dyndns.org
>> TLS_CIPHER_SUITE HIGH:!ADH
>> TLS_CACERT /etc/ssl/certs/mydomain.dyndns.org_CA.pem
>> TLS_REQCERT demand
>> TLS_CRLCHECK none
>> ==========
>>
> This is the complete content of ldap.conf on the clients?
Those are the only uncommented lines in my ldap.conf files.
>> I even tried purging slapd, reinstalling it, and re-populating it
>> from scratch (I didn't just reload a DB backup).
>>
>> The fresh install worked fine as non-root until a reboot - at which
>> point the problem described above returned and TLS connections fail.
>>
> That's strange.
I thought so too.
> Can you please send the output of: ldapsearch -x -ZZ -d 7
Output is attached.
Thanks for the output, but I still don't see why it's failing. The only
thing I see on the OpenLDAP mailing list about this is when you connect on
the SSL port and try to do starttls.
Can somebody with some more SSL knowledge comment here?
I discussed this bug with Howard Chu (main OpenLDAP developer). He says,
"System error". I.e., this is not a bug in OpenLDAP, but a problem with
the system involved. Particularly evidenced by it working until the system
got rebooted.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html