On Tue, Jul 15, 2008 at 11:00:30AM +0200, Michael Kiefer wrote:
> On Monday, 14 July 2008, Steve Langasek wrote:
> > On Mon, Jul 14, 2008 at 05:56:52PM +0200, Michael Kiefer wrote:
> > > With lenny both as server and client, I get the same bug here. The first
> > > thing that I discovered not working was syncrepl between two servers.
> > > Then I noticed that ldapsearch also is not working:

> > So, can you provide the requested slapd.conf from the server so that I can
> > try to reproduce and debug this?

> There is no slapd.conf any more. I have attached the cn=config tree instead.

> > This at least appears to be the same error message as the original bug
> > submitter.

> > The bug report you're following up to is about a failure to connect from
> > ldap-utils. Ubuntu 7.10 doesn't ship ldap-utils 2.4.7; if you're having a
> > *general* problem connecting to your server from all TLS-based clients,
> > then I think you have a configuration problem, not a bug in ldap-utils. (I
> > don't think this is a server bug either, because the TLS support has been
> > tested to work already in a variety of configurations.)

> The problem is that this already has been working once. And when trying to
> connect manually with openssl s_client, there are no error messages.

<snip>
> olcTLSCACertificateFile: /etc/ldap/certs/cacert.pem
> olcTLSCertificateFile: /etc/ldap/certs/certfile.crt
> olcTLSCertificateKeyFile: /etc/ldap/certs/keyfile.key
> olcTLSVerifyClient: demand
<snip>

This shows that client SSL certificates are required by the server. What
does your /etc/ldap/ldap.conf look like, and what arguments are you using
when calling openssl s_client for testing?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                     [EMAIL PROTECTED]
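The mismatch Steve is asking about, as an added example that is not part of the original mail: a check of whether the client side supplies a certificate when the server's cn=config sets `olcTLSVerifyClient` to `demand`. The function names, verdict words and the client certificate path are hypothetical; the check relies on OpenLDAP treating `TLS_CERT` and `TLS_KEY` as user-only options, read from the user's ldaprc or the `LDAPTLS_CERT` / `LDAPTLS_KEY` environment variables and ignored in the system-wide ldap.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments (assumed file locations):
#   $1 cn=config LDIF export, $2 user ldaprc, $3 system-wide ldap.conf

# Print the server's olcTLSVerifyClient level, lower-cased (empty if unset).
verify_level() {
    awk -F': *' 'tolower($1) == "olctlsverifyclient" {
        v = tolower($2); gsub(/[ \t\r]/, "", v) }
        END { print v }' "$1"
}

# Print the last value of option $2 in an ldap.conf-style file $1.
# Keywords are case-insensitive; "#" comment lines never match.
client_option() {
    [ -r "$1" ] || return 0
    awk -v opt="$2" 'toupper($1) == opt { v = $2 } END { if (v != "") print v }' "$1"
}

# Print a verdict: not-required | ok | user-only-ignored | missing
check_client_cert() {
    case "$(verify_level "$1")" in
        demand|hard|true) ;;            # equivalent: certificate is mandatory
        *) echo not-required; return 0 ;;
    esac
    # Environment (LDAPTLS_CERT / LDAPTLS_KEY) overrides the user's ldaprc.
    cert=${LDAPTLS_CERT:-$(client_option "$2" TLS_CERT)}
    key=${LDAPTLS_KEY:-$(client_option "$2" TLS_KEY)}
    if [ -n "$cert" ] && [ -n "$key" ]; then
        echo ok
    elif [ -n "$(client_option "$3" TLS_CERT)" ]; then
        # TLS_CERT/TLS_KEY are user-only options; libldap ignores them here.
        echo user-only-ignored
    else
        echo missing
    fi
}

# Without three arguments, run on constructed sample files (paths made up).
demo() {
    d=$(mktemp -d)
    printf 'olcTLSVerifyClient: demand\n' > "$d/config.ldif"
    printf 'TLS_CACERT /etc/ldap/certs/cacert.pem\n' > "$d/ldaprc"
    printf 'TLS_CERT /etc/ldap/certs/client.crt\n' > "$d/ldap.conf"
    check_client_cert "$d/config.ldif" "$d/ldaprc" "$d/ldap.conf"
    rm -rf "$d"
}
if [ "$#" -eq 3 ]; then check_client_cert "$@"; else demo; fi
```

A verdict of `user-only-ignored` or `missing` means ldapsearch sends no client certificate, which a server configured with `demand` rejects during the TLS handshake.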