Perhaps the issue is that your certificates have too short RSA keys. In GnuTLS SECURE256 requires at least 3072-bit public key. Unfortunately, this is not clearly documented.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1537762 Title: syncrepl does not work when using tls Status in openldap package in Ubuntu: Incomplete Bug description: syncrepl gives a "slap_client_connect: URI=ldap://ldaphost.domain.com Error, ldap_start_tls failed (-11)" error syncrepl was working perfectly until I upgraded libgnutls26 from version 2.12.14-5ubuntu3.10 to version 2.12.14-5ubuntu3.11 This new version of gnutls just seems to only have a simple fix for CVE-2015-7575 ldapsearch works perfectly happily with the new version of gnutls and our SSL certificate. My syncrepl config looks like this: syncrepl rid=222 provider=ldap://ldaphost.domain.com starttls=critical type=refreshAndPersist retry=60,+ searchbase="dc=ccc,dc=sssssss,dc=aa,dc=uu" scope=sub schemachecking=off bindmethod=simple binddn="cn=uuuuuu,dc=ccc,dc=sssss,dc=aa,dc=uu" credentials=XXXXXXXX ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: slapd 2.4.28-1.1ubuntu4.6 ProcVersionSignature: Ubuntu 3.2.0-97.137-generic 3.2.73 Uname: Linux 3.2.0-97-generic x86_64 ApportVersion: 2.0.1-0ubuntu17.13 Architecture: amd64 Date: Mon Jan 25 13:33:26 2016 InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1) MarkForUpload: True SourcePackage: openldap UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.slapd: 2012-10-02T10:07:38 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1537762/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
