Bug#462588: [Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-02-08 Thread Steve Langasek
On Fri, Feb 08, 2008 at 05:12:05PM -0800, Steve Langasek wrote: > Ok, I can reproduce this problem. There are two remaining issues here, that > I can see: > - the behavior of "TLS_REQCERT allow" appears to be equivalent to > "TLS_REQCERT try" in its handling of wrong certificates I've looked d

Bug#462588: [Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-02-08 Thread Steve Langasek
On Mon, Feb 04, 2008 at 10:03:27AM +0100, Niccolo Rigacci wrote: > > > However this is strange because LDAP.CONF(5) states that > > > TLS_REQCERT "allow" means: > > > The server certificate is requested. If no certificate is > > > provided, the session proceeds normally. If a bad certificate

Bug#462588: [Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-02-04 Thread Niccolo Rigacci
> > However this is strange because LDAP.CONF(5) states that > > TLS_REQCERT "allow" means: > > > The server certificate is requested. If no certificate is > > provided, the session proceeds normally. If a bad certificate > > is provided, it will be ignored and the session proceeds normal

Bug#462588: [Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-02-03 Thread Steve Langasek
On Fri, Feb 01, 2008 at 02:05:58PM +0100, Niccolo Rigacci wrote: > However this is strange because LDAP.CONF(5) states that > TLS_REQCERT "allow" means: > The server certificate is requested. If no certificate is > provided, the session proceeds normally. If a bad certificate > is provide

Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-02-01 Thread Niccolo Rigacci
I confirm that ldaps broke after upgrade. This is the workaround in my case: 1) Commented out TLSCipherSuite from /etc/ldap/slapd.conf so it picks up the defaults. 2) Changed TLS_REQCERT from "allow" to "never" in /etc/ldap/ldap.conf. The clients connect to a name which is different f

Bug#462588: [Pkg-openldap-devel] Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-01-25 Thread Quanah Gibson-Mount
--On Saturday, January 26, 2008 8:16 AM +1100 Alex Samad <[EMAIL PROTECTED]> wrote: Package: slapd Version: 2.4.7-3+b1 Severity: grave Justification: renders package unusable OpenLDAP 2.4.7 in Debian uses GnuTLS now instead of OpenSSL. GnuTLS uses a different set of cipher suites. I would

Bug#462588: Fails to start slapd ldaps:/// on upgrade

2008-01-25 Thread Alex Samad
Package: slapd Version: 2.4.7-3+b1 Severity: grave Justification: renders package unusable Hi, I have a working 2.3.38-1+lenny1 slapd, these are the relevant TLS config info # CA information TLSCACertificateFile /etc/ldap/ssl/ca-certificates.crt #TLSCACertificatePath /etc/ldap/ssl/