Package: slapd Severity: normal Hi,
although I am not the original submitter, I tried to reprodce the bug with OpenLDAP 2.4.21 in unstable. Result of my tests: I cannot reproduce th bug in this version. Here are a few details on my LDAP/TLS config: /home/client# ls -l /etc/ldap/ldap.conf ~/.ldaprc -rw-r--r-- 1 openldap root 321 27. Apr 11:44 /etc/ldap/ldap.conf -rw-r----- 1 client client 205 27. Apr 11:43 /home/marschap/.ldaprc /home/client# cat /etc/ldap/ldap.conf # /etc/openldap/ldap.conf -- OpenLDAP client defaults configuration file # See ldap.conf(5) for details on configuration options. # This file should be world readable but not world writable. ## server options ## HOST 127.0.0.1 PORT 389 BASE c=DE ## TLS options ## TLS_CACERT /etc/ssl/certs/ca-certificates.crt /home/client# cat ~client/.ldaprc # ~/.ldaprc -- private libldap config file # See ldap.conf(5) for details TLS_CERT /home/client/.ssl/certs/client-cert.pem TLS_KEY /home/client/.ssl/private/client-keyopen.pem TLS_REQCERT demand /home/client# ls -l /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/server-cert.pem /etc/ssl/private/server-key.pem -rw-r--r-- 1 root root 221942 7. Apr 15:21 /etc/ssl/certs/ca-certificates.crt -rw-r--r-- 1 root ssl-cert 2155 7. Apr 12:07 /etc/ssl/certs/server-cert.pem -rw-r----- 1 root ssl-cert 3243 8. Apr 2008 /etc/ssl/private/server-key.pem /home/client# grep TLS /etc/ldap/slapd.conf TLSCACertificateFile /etc/ssl/certs/cacert.pem TLSCertificateFile /etc/ssl/certs/server-cert.pem TLSCertificateKeyFile /etc/ssl/private/server-key.pem TLSCipherSuite NORMAL:!AES-128-CBC TLSVerifyClient try Further information: * slapd runs as user openldap which is in group ssl-cert * the CA certificate in /etc/ssl/certs/cacert.pem is contained in /etc/ssl/certs/ca-certificates.crt Best regards Peter -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112 add and remove users and groups ii coreutils 7.4-2 The GNU core utilities ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libdb4.7 4.7.25-9 Berkeley v4.7 Database Libraries [ ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.21-1 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-12 shared Perl library ii libsasl2-2 2.1.23.dfsg1-5 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.7 OpenSLP libraries ii libwrap0 7.6.q-18 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-perl 5.10.1-12 Larry Wall's Practical Extraction ii psmisc 22.11-1 utilities that use the proc file s ii unixodbc 2.2.11-21 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-5 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils 2.4.21-1pm1 OpenLDAP utilities -- debconf information: slapd/tlsciphersuite: shared/organization: adpm.de slapd/upgrade_slapcat_failure: slapd/backend: HDB slapd/allow_ldap_v2: false slapd/no_configuration: false slapd/move_old_database: true slapd/suffix_change: false slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/domain: adpm.de slapd/password_mismatch: slapd/invalid_config: true slapd/slurpd_obsolete: slapd/dump_database: when needed slapd/migrate_ldbm_to_bdb: false slapd/purge_database: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org