[Bug 66741] Re: Long delays enumerating users
Thank you for taking the time to report this issue and helping to make Ubuntu better. Examining the information you have given us, this does not appear to be a bug report so we are closing it and converting it to a question in the support tracker. We appreciate the difficulties you are facing, but it would make more sense to raise problems you are having in the support tracker at https://answers.launchpad.net/ubuntu if you are uncertain if they are bugs. For help on reporting bugs, see https://help.ubuntu.com/community/ReportingBugs . BugSquad ** Changed in: libnss-ldap (Ubuntu) Status: New = Invalid ** bug changed to question: https://answers.launchpad.net/ubuntu/+source/libnss-ldap/+question/55201 -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 66741] Re: Long delays enumerating users
Thank you for taking the time to report this issue and helping to make Ubuntu better. Examining the information you have given us, this does not appear to be a bug report so we are closing it and converting it to a question in the support tracker. We appreciate the difficulties you are facing, but it would make more sense to raise problems you are having in the support tracker at https://answers.launchpad.net/ubuntu if you are uncertain if they are bugs. For help on reporting bugs, see https://help.ubuntu.com/community/ReportingBugs . BugSquad ** Changed in: libnss-ldap (Ubuntu) Status: New = Invalid ** bug changed to question: https://answers.launchpad.net/ubuntu/+source/libnss-ldap/+question/55201 -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 66741] Re: Long delays enumerating users
Say me if i've to open a new bug, i've searched for 'tls_cacertfile' on launchpad but seems that there's no reference... no, wait a moment: https://bugs.launchpad.net/ubuntu/+source/libnss- ldap/+bug/241128 seems i've to use tls_checkpeer=yes, i'll do some tests. ;) No, whatever i set tls_checkpeer in /etc/ldap.conf, i *have* to set TLS_CACERT on /etc/ldap/ldap.conf to make it work. Say me if i can do something more to debug this... -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 66741] Re: Long delays enumerating users
Say me if i've to open a new bug, i've searched for 'tls_cacertfile' on launchpad but seems that there's no reference... no, wait a moment: https://bugs.launchpad.net/ubuntu/+source/libnss- ldap/+bug/241128 seems i've to use tls_checkpeer=yes, i'll do some tests. ;) No, whatever i set tls_checkpeer in /etc/ldap.conf, i *have* to set TLS_CACERT on /etc/ldap/ldap.conf to make it work. Say me if i can do something more to debug this... -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 66741] Re: Long delays enumerating users
Mandi! Mathias Gug In chel dì si favelave... Openldap 2.4 is compiled against gnutls which doesn't support TLS_CACERTDIR. See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313. Uh, oh... this clearly solve this bug, because if TLS_CACERTDIR does not work anymore, clearly there's no certificates to 'enumerate'... ;-))) Issue 1 remain: why i've to set the 'global' /etc/ldap/ldap.conf CA certificate via TLS_CACERTDIR because the 'local' /etc/ldap.conf CA certificate via tls_cacertfile does not work? Say me if i've to open a new bug, i've searched for 'tls_cacertfile' on launchpad but seems that there's no reference... no, wait a moment: https://bugs.launchpad.net/ubuntu/+source/libnss- ldap/+bug/241128 seems i've to use tls_checkpeer=yes, i'll do some tests. ;) Make sure that you're not using self-signed certificates on the clients. No, i use a local CA built with TinyCA. -- Marco ``Gaio'' Gaiarin | LUG Pordenone(http://www.pordenone.linux.it) P.zza S. Tommaso, 20 | Lilliput BBS (http://bbs.lilliput.linux.it) Cimpello di Fiume Veneto | Azione Cattolica - Concordia-Pordenone 33080 Pordenone (Italia) | (http://www.ac.concordia-pordenone.it) Tel. +39-0434-56-1305 | http://www.gaiarin.it/ [EMAIL PROTECTED] -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 66741] Re: Long delays enumerating users
Mandi! Mathias Gug In chel dì si favelave... Openldap 2.4 is compiled against gnutls which doesn't support TLS_CACERTDIR. See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313. Uh, oh... this clearly solve this bug, because if TLS_CACERTDIR does not work anymore, clearly there's no certificates to 'enumerate'... ;-))) Issue 1 remain: why i've to set the 'global' /etc/ldap/ldap.conf CA certificate via TLS_CACERTDIR because the 'local' /etc/ldap.conf CA certificate via tls_cacertfile does not work? Say me if i've to open a new bug, i've searched for 'tls_cacertfile' on launchpad but seems that there's no reference... no, wait a moment: https://bugs.launchpad.net/ubuntu/+source/libnss- ldap/+bug/241128 seems i've to use tls_checkpeer=yes, i'll do some tests. ;) Make sure that you're not using self-signed certificates on the clients. No, i use a local CA built with TinyCA. -- Marco ``Gaio'' Gaiarin | LUG Pordenone(http://www.pordenone.linux.it) P.zza S. Tommaso, 20 | Lilliput BBS (http://bbs.lilliput.linux.it) Cimpello di Fiume Veneto | Azione Cattolica - Concordia-Pordenone 33080 Pordenone (Italia) | (http://www.ac.concordia-pordenone.it) Tel. +39-0434-56-1305 | http://www.gaiarin.it/ [EMAIL PROTECTED] -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 66741] Re: Long delays enumerating users
Still an issue (Ubuntu hardy just upgraded), but on a different way. Effectively there's no more delay 'enumerating' certificates, but still there's are some trouble or at least things that i cannot explain. For example: 1) the only way to have libnss-ldap/libpam-ldap using correct cerificate are to put it as 'TLS_CACERT /etc/ssl/certs/LNFFVG.pem' in /etc/ldap/ldap.conf (libldap 'global' config file); if i put 'tls_cacertfile /etc/ssl/certs/LNFFVG.pem' on /etc/ldap.conf, they are completely ignored. 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select the certificate explicitly to make it work. Clearly my CA certificate are on place, correctly 'hashed' with c_rehash. The second problem seems a general libldap bug or misunderstanding, because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple tools like ldapsearch stop to work. Boh. -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 66741] Re: Long delays enumerating users
On Fri, Sep 05, 2008 at 02:27:16PM -, Marco Gaiarin wrote: 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select the certificate explicitly to make it work. Openldap 2.4 is compiled against gnutls which doesn't support TLS_CACERTDIR. See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313. Clearly my CA certificate are on place, correctly 'hashed' with c_rehash. The second problem seems a general libldap bug or misunderstanding, because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple tools like ldapsearch stop to work. Boh. Make sure that you're not using self-signed certificates on the clients. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 66741] Re: Long delays enumerating users
Still an issue (Ubuntu hardy just upgraded), but on a different way. Effectively there's no more delay 'enumerating' certificates, but still there's are some trouble or at least things that i cannot explain. For example: 1) the only way to have libnss-ldap/libpam-ldap using correct cerificate are to put it as 'TLS_CACERT /etc/ssl/certs/LNFFVG.pem' in /etc/ldap/ldap.conf (libldap 'global' config file); if i put 'tls_cacertfile /etc/ssl/certs/LNFFVG.pem' on /etc/ldap.conf, they are completely ignored. 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select the certificate explicitly to make it work. Clearly my CA certificate are on place, correctly 'hashed' with c_rehash. The second problem seems a general libldap bug or misunderstanding, because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple tools like ldapsearch stop to work. Boh. -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 66741] Re: Long delays enumerating users
On Fri, Sep 05, 2008 at 02:27:16PM -, Marco Gaiarin wrote: 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select the certificate explicitly to make it work. Openldap 2.4 is compiled against gnutls which doesn't support TLS_CACERTDIR. See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313. Clearly my CA certificate are on place, correctly 'hashed' with c_rehash. The second problem seems a general libldap bug or misunderstanding, because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple tools like ldapsearch stop to work. Boh. Make sure that you're not using self-signed certificates on the clients. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 66741] Re: Long delays enumerating users
Hi there, Since this bug report is almost two years old, I was wondering if this is still an issue or if it can be reproduced? Thanks, ~Mike -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 66741] Re: Long delays enumerating users
Hi there, Since this bug report is almost two years old, I was wondering if this is still an issue or if it can be reproduced? Thanks, ~Mike -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
