Public bug reported:

Binary package hint: ldap-utils

When trying to run ldapsearch against my local LDAP server, I receive the following error (simplified):

    TLS: peer cert untrusted or revoked (0x82)
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

However, if I try the same operation from a 6.06 box I've got, it works fine.

Here's the command:

    ldapsearch -H ldaps://mydomain.name -d 99

Here's the only option I've got set in /etc/ldap/ldap.conf:

    TLS_CACERT /etc/ssl/certs/ca-certificates.crt

Please note that connecting via openssl to the same LDAP server seems to work just fine (even from the Hardy box):

    openssl s_client -connect mydomain.name:636 -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt

From what I've read, I'm guessing this has something to do with the switch to gnutls in Hardy. If it makes any difference, my SSL certificate is one of the cheap ones from GoDaddy (pain in the ass to get working, by the way).

I've attached the standard and debug output from the ldapsearch command.

If I specify the following option in my /etc/ldap/ldap.conf file, I can connect just fine:

    TLS_REQCERT allow

My Hardy 8.04.1 box has ldap-utils v2.4.9-0ubuntu0.8.04.1 installed, along with libgnutls v2.0.4-1ubuntu2.1.

Please let me know if you need any further information.

** Affects: openldap2.3 (Ubuntu)
     Importance: Undecided
         Status: New

--
"TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils
https://bugs.launchpad.net/bugs/257153
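
The `TLS_REQCERT allow` workaround in the report makes the client proceed even when the server presents a certificate it cannot validate (per ldap.conf(5); the default level is `demand`). The following is an added example, not part of the original report or of ldap-utils: a shell check that reports which `TLS_REQCERT` level takes effect in an ldap.conf-style file. The function names and the sample file contents are constructed for illustration, and the script assumes the last occurrence of the option in a file wins.

```shell
#!/bin/sh
# Added example (not from the bug report): audit an ldap.conf-style file for a
# weakened TLS_REQCERT level. Per-user ~/.ldaprc and the LDAPTLS_REQCERT
# environment variable can override the file and are not checked here.

# effective_reqcert FILE: print the level in effect ("demand" if unset).
# Option names are matched case-insensitively; comment lines are skipped.
# Assumption: the last TLS_REQCERT line in the file wins.
effective_reqcert() {
    awk '
        $1 ~ /^#/ { next }
        toupper($1) == "TLS_REQCERT" && NF >= 2 { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# audit_reqcert FILE: print a verdict.
# Returns 0 if bad certificates are rejected, 1 if weakened, 2 if unknown.
audit_reqcert() {
    level=$(effective_reqcert "$1") || return 2
    case "$level" in
        demand|hard)
            echo "OK: TLS_REQCERT $level (missing or bad server cert ends the session)"
            return 0 ;;
        try)
            echo "WEAK: TLS_REQCERT try (a server that sends no cert is accepted)"
            return 1 ;;
        allow)
            echo "WEAK: TLS_REQCERT allow (a bad server cert is ignored)"
            return 1 ;;
        never)
            echo "WEAK: TLS_REQCERT never (server cert is not requested or checked)"
            return 1 ;;
        *)
            echo "UNKNOWN: TLS_REQCERT $level"
            return 2 ;;
    esac
}

# Constructed sample: the reporter's CA setting plus the workaround line.
sample=$(mktemp)
printf '%s\n' 'TLS_CACERT /etc/ssl/certs/ca-certificates.crt' \
              'TLS_REQCERT allow' > "$sample"
audit_reqcert "$sample" || true
rm -f "$sample"
```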