[gentoo-user] Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

2007-12-10 Thread Fabian Steiner
Hi Denis!

Denis Sacchet wrote:
> http://www.ouba.org/strace.slapd.no.probleme.tls.200712070838
> http://www.ouba.org/strace.slapd.probleme.tls.200712070809
> http://www.ouba.org/syslog.slapd.tls.problem.200712070804

You probably have to adjust the permissions on the files - Apache doesn't want 
to present them ;-)

Cheers,
Fabian
-- 
[EMAIL PROTECTED] mailing list



[gentoo-user] Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

2007-12-10 Thread Fabian Steiner
Quanah Gibson-Mount wrote:
> I believe you sent this to the wrong person.
>
> --Quanah

Oh, indeed, sorry :-)

Cheers,
Fabian




[gentoo-user] Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

2007-12-10 Thread Fabian Steiner
Howard Chu wrote:
> The fact that a reboot is required indicates that any problem is not in any
> user-level code. Maybe your /dev/random has run out of entropy, or some
> other underlying system resource is gone. Maybe strace would help here.

Thanks for pointing me in the right direction. I can remember having
problems with Apache and mod_ssl in the past as they lacked entropy with
no keyboard and mouse being attached to the machine. I have just installed
rng-tools and hope that this might solve the issues.

I'll report on it as soon as I can confirm that this was the cause.

Cheers,
Fabian
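
Added example, not part of the original thread: one way to test the /dev/random hypothesis raised above against a trace of slapd, by listing reads on the kernel random devices that were slow or never returned. It assumes the trace was captured with `strace -f -T`; the sample lines are constructed, and `find_random_stalls` is a hypothetical helper name.

```python
import re

# Constructed `strace -f -T` lines for illustration; not from the traces linked in the thread.
SAMPLE = r'''
[pid  2101] open("/dev/urandom", O_RDONLY) = 6 <0.000021>
[pid  2101] read(6, "\x8f\x1c"..., 32) = 32 <0.000015>
[pid  2101] open("/dev/random", O_RDONLY) = 7 <0.000024>
[pid  2102] read(7,  <unfinished ...>
[pid  2101] read(6, "\x11\x90"..., 32) = 32 <0.000012>
[pid  2102] <... read resumed> "\x03\xa9"..., 64) = 8 <14.202113>
[pid  2103] read(7,  <unfinished ...>
'''

CALL = re.compile(r'^(?:\[pid\s+(\d+)\]\s+)?(\w+)\((.*)$')
RESUMED = re.compile(r'^(?:\[pid\s+(\d+)\]\s+)?<\.\.\. read resumed>(.*)$')
OPENED = re.compile(r'^(?:AT_FDCWD, )?"(/dev/u?random)".*\)\s+= (\d+)')
ELAPSED = re.compile(r'<(\d+\.\d+)>\s*$')

def find_random_stalls(trace, slow=1.0):
    """Return (pid, device, seconds) per read on /dev/[u]random slower than `slow`
    seconds; seconds is None when the read never returned within the trace."""
    fds, pending, stalls = {}, {}, []   # fd -> device; pid -> device awaiting resume
    def finish(pid, dev, text):
        t = ELAPSED.search(text)
        if t and float(t.group(1)) >= slow:
            stalls.append((pid, dev, float(t.group(1))))
    for line in map(str.strip, trace.splitlines()):
        r, m = RESUMED.match(line), CALL.match(line)
        if r and (r.group(1) or "-") in pending:
            finish(r.group(1) or "-", pending.pop(r.group(1) or "-"), r.group(2))
        elif m:
            pid, call, rest = m.group(1) or "-", m.group(2), m.group(3)
            fd = rest.split(",")[0].split(")")[0].strip()
            if call in ("open", "openat") and OPENED.match(rest):
                dev, newfd = OPENED.match(rest).groups()
                fds[newfd] = dev          # assumes one process: threads share descriptors
            elif call == "close":
                fds.pop(fd, None)
            elif call == "read" and fd in fds:
                if "<unfinished" in rest:
                    pending[pid] = fds[fd]
                else:
                    finish(pid, fds[fd], rest)
    stalls += [(pid, dev, None) for pid, dev in pending.items()]
    return stalls

if __name__ == "__main__":
    for pid, dev, secs in find_random_stalls(SAMPLE):
        print(pid, dev, "never returned" if secs is None else f"{secs:.1f}s")
```

A read on /dev/random that appears here with a long duration, or with none at all, is consistent with an exhausted entropy pool; Linux kernels from 5.6 on no longer block /dev/random once the pool has been initialised.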





[gentoo-user] Re: Strange TLS behaviour with slapd 2.3.30 on Debian Etch

2007-12-10 Thread Fabian Steiner
Howard Chu wrote:
> Fabian Steiner wrote:
> > Of course, I don't want to hijack the OP's thread but as our problems
> > seem to be rather similar I can also provide the corresponding slapd log:
>
> This looks like a simple configuration error; you have slapd configured to
> require client certificates and the client didn't send one. Either you need
> to configure the client with a certificate, or you need to relax the
> requirement on the server.
> [...]

In fact, this was also our first assumption after having analyzed the output
for the very first time but due to our configuration this shouldn't happen:

[...]
TLSCertificateFile      /etc/ssl-certs/ldap.crt
TLSCertificateKeyFile   /etc/ssl-certs/ldap.key
TLSCACertificateFile    /etc/ssl-certs/ca.crt
TLSVerifyClient         never
[...]

Moreover, this wouldn't explain why it /does/ work for some time (as far as
our case is concerned it works as long as slapd isn't restarted). Once the
problem has occurred, the server has to be rebooted in order to ensure a
working setup again :-(

Thanks,
Fabian