Bug#462588: marked as done (Fails to start slapd ldaps:/// on upgrade)

Sat, 09 Feb 2008 15:44:46 -0800 

Your message dated Sat, 09 Feb 2008 23:17:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#462588: fixed in openldap2.3 2.4.7-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: slapd
Version: 2.4.7-3+b1
Severity: grave
Justification: renders package unusable

Hi

I have a wokring 2.3.38-1+lenny1 slapd, these are the relevant TLS
config info
# CA information
TLSCACertificateFile /etc/ldap/ssl/ca-certificates.crt
#TLSCACertificatePath /etc/ldap/ssl/
                                                                                
                                                     
TLSVerifyClient allow
#TLSVerifyClient demand
#TLSCipherSuite HIGH
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCRLCheck none
TLSCertificateFile
/etc/ldap/ssl/bGRhcC5zYW1hZC5jb20uYXU6Y2EuY29tLmF1OjpBLiBTYW1hZCBQdHkgTHRkOlN5ZG5leTpOU1c6QVU=.pem
TLSCertificateKeyFile
/etc/ldap/ssl/bGRhcC5zYW1hZC5jb20uYXU6Y2EuY29tLmF1OjpBLiBTYW1hZCBQdHkgTHRkOlN5ZG5leTpOU1c6QVU=.une.pem

upon upgrade slapd refused to start tls failure unable to set 

TLSCipherSuite HIGH:MEDIUM:+SSLv2

The only way I could get slapd to start was to comment out
TLSCipherSuite

and then slapd would not accept any ldaps connections

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (100, 'unstable'), (50, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: openldap2.3
Source-Version: 2.4.7-5

We believe that the bug you reported is fixed in the latest version of
openldap2.3, which is due to be installed in the Debian FTP archive:

ldap-utils_2.4.7-5_amd64.deb
  to pool/main/o/openldap2.3/ldap-utils_2.4.7-5_amd64.deb
libldap-2.4-2-dbg_2.4.7-5_amd64.deb
  to pool/main/o/openldap2.3/libldap-2.4-2-dbg_2.4.7-5_amd64.deb
libldap-2.4-2_2.4.7-5_amd64.deb
  to pool/main/o/openldap2.3/libldap-2.4-2_2.4.7-5_amd64.deb
libldap2-dev_2.4.7-5_amd64.deb
  to pool/main/o/openldap2.3/libldap2-dev_2.4.7-5_amd64.deb
openldap2.3_2.4.7-5.diff.gz
  to pool/main/o/openldap2.3/openldap2.3_2.4.7-5.diff.gz
openldap2.3_2.4.7-5.dsc
  to pool/main/o/openldap2.3/openldap2.3_2.4.7-5.dsc
slapd-dbg_2.4.7-5_amd64.deb
  to pool/main/o/openldap2.3/slapd-dbg_2.4.7-5_amd64.deb
slapd_2.4.7-5_amd64.deb
  to pool/main/o/openldap2.3/slapd_2.4.7-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <[EMAIL PROTECTED]> (supplier of updated openldap2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 09 Feb 2008 14:25:55 -0800
Source: openldap2.3
Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source amd64
Version: 2.4.7-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenLDAP Maintainers <[EMAIL PROTECTED]>
Changed-By: Steve Langasek <[EMAIL PROTECTED]>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
Closes: 462099 462588 462688 462987 463149 463442 463472 463971 464718 464719
Changes: 
 openldap2.3 (2.4.7-5) unstable; urgency=low
 .
   [ Updated debconf translations ]
   * Finnish, thanks to Esko Arajärvi <[EMAIL PROTECTED]>.  Closes: #462688.
   * Galician, thanks to Jacobo Tarrio <[EMAIL PROTECTED]>.  Closes: #462987.
   * French, thanks to Christian Perrier <[EMAIL PROTECTED]>.
     Closes: #463149.
   * Russian, thanks to Yuri Kozlov <[EMAIL PROTECTED]>.  Closes: #463442.
   * Czech, thanks to Miroslav Kure <[EMAIL PROTECTED]>.  Closes: #463472.
   * German, thanks to Helge Kreutzmann <[EMAIL PROTECTED]>.
     Closes: #464718.
 .
   [ Steve Langasek ]
   * Fix various regressions related to the introduction of GnuTLS:
     - Add new patch, gnutls-ciphers, to fix support for specifying multiple
       ciphers with TLSCipherSuite option in slapd.conf.  Thanks to Kyle
       Moffett <[EMAIL PROTECTED]> for the patch.  Closes LP: #188200.
     - Add new patch, slapd-tlsverifyclient-default, to set the intended
       default value of "TLSVerifyClient never" in the right place.
     - Add new patch, gnutls-altname-nulterminated, to account for differences
       in how the "length" is returned for commonName vs. subjectAltName.
     - Comment out TLSCipherSuite settings on upgrade from all versions prior
       to 2.4.7-5, and throw a debconf error to the user notifying them of
       this, since all OpenSSL cipher suite values are incompatible with
       GnuTLS.
     Closes: #462588.
   * Add new patch from upstream, entryCSN-backwards-compatibility, to support
     auto-converting entryCSN attributes in a previously supported old format,
     fixing an upgrade failure.  Closes: #462099.
   * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
     latter resorts to a SIGKILL and may corrupt backend data; whereas the
     former will exit non-zero if slapd is still running but won't directly
     cause data-loss.  Thanks to Mark McDonald for the patch.  LP: #92139.
   * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
     reporting.  Closes: #463971.
   * Fix a superfluous space in the debconf templates, due to a trailing space
     in the templates.  Closes: #464719.
Files: 
 dda20b74714310941afb676c3b8e04d9 1411 net optional openldap2.3_2.4.7-5.dsc
 33f5247b6bb470a6cad6d7bfe667742d 139425 net optional 
openldap2.3_2.4.7-5.diff.gz
 0cec0efeed125da42a9c2c611fa05423 1418626 net optional slapd_2.4.7-5_amd64.deb
 4c1f1cc19b5efdd9ff70fc31d470523d 260620 net optional 
ldap-utils_2.4.7-5_amd64.deb
 43349a36df7e5af36081f7882b50739f 199082 libs optional 
libldap-2.4-2_2.4.7-5_amd64.deb
 033933318acb89de8af154634387e2de 289140 libdevel extra 
libldap-2.4-2-dbg_2.4.7-5_amd64.deb
 cac9449825e9d32204279436a268b11e 834512 libdevel extra 
libldap2-dev_2.4.7-5_amd64.deb
 c91dcb145d9f3bb980e321965ac12ae6 3530612 net extra slapd-dbg_2.4.7-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHri6pKN6ufymYLloRAkKfAKCMRHgmSscSwrTdAMvJMDyBWNRHHACgx0yz
HnvOgzK/IbBPsJTcajefhEI=
=4GkH
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to