On Mon, 21 May 2007, Sjoerd Simons wrote:
> Package: libnss-ldap
> Version: 255-1
> Severity: important
>
> Hi,

Hello, and you win the prize of filing the 1st bug routed to the new
maintainer - your prize is still being determined :)

> When upgrading from 251-7.5 libnss-ldap starts failing. Debug shows the
> following:
>
> TLS: can't connect.
> ldap_err2string
> ldap_err2string

You should try -vd9999 - with higher debugging, you can see the notice
that your certificate was likely rejected due to being self-signed.

> Our ldap server is using a self-signed certificate and ``TLS_REQCERT never''
> is specified in /etc/ldap/ldap.conf.

Please try the following settings instead:

TLS_CACERTDIR /etc/ssl/certs
TLS_CRLCHECK none
# Allow self-signed certificates
TLS_REQCERT allow

Now, there's a caveat here, that the ca-certificates package can leave
dangling symlinks in /etc/ssl/certs... and those will also cause
certificate failure :(
So, you may need to run `update-ca-certificates -f` to force the cleanup
(or a q&d script to just remove them).

> Yes I know, this is not the most secure setup and we should fix it sometime..
> But it should still work :)

Yeah, I'm in the same boat :)

--
Rick Nelson
Machine Always Crashes, If Not, The Operating System Hangs (MACINTOSH)
-- Topic on #Linux
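
Added example, not part of the original message or of any Debian package: a read-only check that lists the dangling symlinks described above in a CA directory such as /etc/ssl/certs, so they can be reviewed before any cleanup. The function name find_dangling_certs and its exit codes are made up for this illustration.

```shell
#!/bin/sh
# Added example: report dangling symlinks in a CA certificate directory.
# Nothing is deleted; the output is meant for review before cleanup.

# find_dangling_certs DIR  (hypothetical helper name)
# Prints "link -> target" for every symlink directly inside DIR whose
# target no longer exists.
# Exit status: 0 = none found, 1 = at least one found, 2 = DIR unusable.
find_dangling_certs() {
    _dir=$1
    if [ ! -d "$_dir" ]; then
        echo "not a directory: $_dir" >&2
        return 2
    fi
    _found=0
    for _entry in "$_dir"/*; do
        # -L is true for any symlink; -e follows the link, so it is
        # false when the target is missing. Both together = dangling.
        if [ -L "$_entry" ] && [ ! -e "$_entry" ]; then
            printf '%s -> %s\n' "$_entry" "$(readlink "$_entry")"
            _found=1
        fi
    done
    return "$_found"
}

# When run as a script with a directory argument, check that directory,
# e.g.:  sh check-certs.sh /etc/ssl/certs
if [ $# -gt 0 ]; then
    find_dangling_certs "$1"
    exit $?
fi
```

A non-zero exit status makes the check usable from cron or a monitoring hook.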