On Mon, Jul 14, 2008 at 05:56:52PM +0200, Michael Kiefer wrote:
> With lenny both as server and client, I get the same bug here. The first
> thing that I discovered not working was syncrepl between two servers. Then I
> noticed that ldapsearch also is not working:

So, can you provide the requested slapd.conf from the server so that I can
try to reproduce and debug this?

> When I run ldapsearch on the server, accessing the pipe with
> ldapsearch -ZZ -H ldapi://%2fvar%2frun%2fldapi/ -d-1 -Y EXTERNAL
> I get the following output
> (only the last few lines, when the error occurs)
>       tls_write: want=139 error=Broken pipe
>       TLS: can't connect: Error in the push function..
>       ldap_err2string
>       ldap_start_tls: Connect error (-11)

Hum, I wouldn't expect this to work because you're using an ldapi url, and
TLS negotiation is based on hostnames.  Has this ever worked with previous
versions?

> When I run ldapsearch on the server or on the client, accessing via
> ldapsearch -H ldaps://cresstsrv2.mppmu.mpg.de -d-1 -Y EXTERNAL
> the result is sometimes
>       tls_write: want=6 error=Broken pipe
>       TLS: can't connect: Error in the push function..
>       ldap_err2string
>       ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

This at least appears to be the same error message as the original bug
submitter.

> This is true for debian lenny and Ubuntu 8.04. When trying with an Ubuntu
> 7.10 client, the message is

>       TLS trace: SSL_connect:SSLv3 flush data
>       tls_read: want=5, got=0

>       TLS trace: SSL_connect:failed in SSLv3 read finished A
>       TLS: can't connect.
>       ldap_perror
>       ldap_start_tls: Can't contact LDAP server (-1)

The bug report you're following up to is about a failure to connect from
ldap-utils.  Ubuntu 7.10 doesn't ship ldap-utils 2.4.7; if you're having a
*general* problem connecting to your server from all TLS-based clients, then
I think you have a configuration problem, not a bug in ldap-utils.  (I don't
think this is a server bug either, because the TLS support has been tested
to work already in a variety of configurations.)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                     [EMAIL PROTECTED]


