I do confirm this. And: Howard Chu still explains NOT TO USE GNUTLS with openldap! It is broken by design! Do not wonder about strange behavior if you do not trust the core developers.
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

I asked Howard a couple of days ago and he still stands by his opinion. I think Debian/Ubuntu should not make changes from openssl to gnutls!

For this bug:

...
1.2.36.79672281.1.13.3 (rdnMatch):
2.5.13.1 (distinguishedNameMatch):
	matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcAccessLogDB $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect ) )
2.5.13.0 (objectIdentifierMatch):
	matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed
main: TLS init failed: 0
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

And by the way: my certs are under /ca/ldapmaster.roessner-net.com

My profile for AppArmor was working under intrepid. Upgrading from intrepid to jaunty does not work.
# Last Modified: Tue Sep 2 13:08:01 2008
# Author: Jamie Strandboge <ja...@ubuntu.com>
#include <tunables/global>

/usr/sbin/slapd flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_certs>

  capability dac_override,
  capability net_bind_service,
  capability setgid,
  capability setuid,

  /ca/cacert_org.crt r,
  /ca/ldapmaster.roessner-net.de/newcert.pem r,
  /ca/ldapmaster.roessner-net.de/newkey.pem r,
  /etc/gai.conf r,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/ldap/ldap.conf r,
  /etc/ldap/schema/* r,
  /etc/ldap/slapd.conf r,
  /etc/sasldb2 r,
  /etc/ssl/private/ r,
  /etc/ssl/private/* r,
  /usr/lib/ldap/ r,
  /usr/lib/ldap/* mr,
  /usr/sbin/slapd mr,
  /var/lib/ldap/ r,
  /var/lib/ldap/* rw,
  /var/lib/ldap-ov/accesslog r,
  /var/lib/ldap-ov/accesslog/* rw,
  /var/lib/ldap/alock kw,
  /var/lib/ldap-ov/accesslog/alock kw,
  /var/run/slapd/* w,
}

No dmesg output that points to problems.

** Changed in: openldap (Ubuntu)
   Status: New => Confirmed

-- 
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
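When slapd's TLS init fails after an upgrade, one routine check is whether the certificate and key paths named by the TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile directives in slapd.conf are actually readable under the AppArmor profile for /usr/sbin/slapd. The script below is an added example, not part of the bug report or of the Ubuntu/OpenLDAP packages: it extracts the TLS file directives from a slapd.conf, collects the plain file rules from the profile, and reports every TLS file that no rule grants read access to. The slapd.conf and profile texts are constructed samples with an example.org hostname; the glob handling follows AppArmor's rules (a single `*` does not cross a `/`, `**` does), and `#include` abstractions are deliberately not expanded, so a file granted only via an abstraction shows up as missing and must be checked by hand. Note that the profile in the report carries flags=(complain), so AppArmor would log a missing rule rather than enforce it.

```python
"""Cross-check slapd TLS file paths against an AppArmor profile.

Added example, not code from the bug report. Inputs below are constructed.
"""
import re

# Constructed slapd.conf fragment (hostname is an example placeholder).
SLAPD_CONF = """\
TLSCACertificateFile /ca/cacert_org.crt
TLSCertificateFile /ca/ldapmaster.example.org/newcert.pem
TLSCertificateKeyFile /ca/ldapmaster.example.org/newkey.pem
"""

# Constructed AppArmor profile: the key file rule is intentionally absent.
APPARMOR_PROFILE = """\
#include <tunables/global>
/usr/sbin/slapd flags=(complain) {
  #include <abstractions/base>
  capability net_bind_service,
  /ca/cacert_org.crt r,
  /ca/ldapmaster.example.org/newcert.pem r,
  /etc/ldap/schema/* r,
  /var/lib/ldap/* rw,
}
"""

TLS_DIRECTIVES = ("TLSCACertificateFile", "TLSCertificateFile",
                  "TLSCertificateKeyFile")

# A plain file rule: absolute path (or glob), permission letters, comma.
# "owner" prefixes, quoted paths with spaces and #include lines are not handled.
RULE_RE = re.compile(r"^\s*(/\S+)\s+([a-zA-Z]+),\s*$")


def tls_files(conf_text):
    """Return {directive: path} for the TLS file directives in slapd.conf."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in TLS_DIRECTIVES:
            found[parts[0]] = parts[1].strip()
    return found


def file_rules(profile_text):
    """Return [(path_glob, perms)] for the profile's plain file rules."""
    rules = []
    for line in profile_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules


def apparmor_glob_to_re(glob):
    """Translate an AppArmor path glob to a compiled regex.

    '*' matches any run of characters except '/', '**' matches across '/',
    '?' matches one non-'/' character; everything else is literal.
    """
    out = []
    i = 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def allows_read(rules, path):
    """True if any rule matching path includes the 'r' permission."""
    return any("r" in perms and apparmor_glob_to_re(glob).match(path)
               for glob, perms in rules)


def missing_read_access(conf_text, profile_text):
    """Return {directive: path} for TLS files the profile does not let slapd read."""
    rules = file_rules(profile_text)
    return {d: p for d, p in tls_files(conf_text).items()
            if not allows_read(rules, p)}


if __name__ == "__main__":
    missing = missing_read_access(SLAPD_CONF, APPARMOR_PROFILE)
    if not missing:
        print("all TLS files are readable under the profile")
    for directive, path in missing.items():
        print(f"{directive}: no read rule for {path}")
```

On a real host, read the two texts from /etc/ldap/slapd.conf and /etc/apparmor.d/usr.sbin.slapd instead of the constants; a reported path then means either a missing rule or one supplied by an abstraction the script does not expand.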