Has there been any progress on Bug #381788? There hasn't been any word from the package maintainers since my post on August 13.
I am still experiencing this bug, and today I received an email from another individual who is also experiencing this problem. The person who contacted me wanted to know if I'd found a solution and also had two other work-around -- which aren't really usable for either of us. The first work-around this individual reported to me was to disable start_tls support. Since the problem is in the SSL handshake when TLS is being started, this avoid the problem. However, this is not an acceptable work-around for either of us. I'm using slapd to authenticate users, so passwords are being exchanged with the server. (Running slapd as root is probably a lower security risk than sending all user passwords in the clear). The second work-around this individual reported to me was to take "ldap" out of the group line in nsswitch.conf. This is a more targeted action than removing "ldap" from every line in nsswitch.conf (that I documented in my previous email). Again, this work-around is unacceptable since I have groups in LDAP being used by other services on the system. The work-around I previously documented of running slapd as root (which avoids the gnutls variant of the ldap client libraries from being loaded) seems to be the best work-around at the moment. Although I still want to run slapd as a non-root user for security reasons. Could one of the maintainers please comment on the status of this bug? Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
