[Bug 420277] Re: ldap tls refusing to initialize

2009-10-22 Thread Mathias Gug
Marking this bug as invalid - seems that most of the issues reported here are configuration issues: file permissions, apparmor profile, certificates chain. ** Changed in: openldap (Ubuntu) Status: Confirmed => Invalid

[Bug 420277] Re: ldap tls refusing to initialize

2009-10-06 Thread Mathias Gug
** Changed in: openldap (Ubuntu) Importance: Undecided => Low -- ldap tls refusing to initialize https://bugs.launchpad.net/bugs/420277 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-26 Thread PeterNSteinmetz
For the time being, I posted an update for the network-auth.xml in ubuntu-docs. https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/437483

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-22 Thread Dave Vree
I was using the how-to referenced by the OP. I was also using this one on certificates. https://help.ubuntu.com/9.04/serverguide/C/certificates-and-security.html What got me messed up was a small, but important point that got lost between the two how-tos. The LDAP how-to takes advantage of

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread Dave Vree
In the meantime, does anybody have a work-around for this? I've hit this problem on a vanilla Ubuntu 9.04 server install and can't get past it!

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread PeterNSteinmetz
Yes, continues to be annoying. One thing to do is to carefully verify the certificate chain you have configured for LDAP use. If the certificate is self-signed, then don't configure the olcCACertificateFile item. Otherwise, make sure the CA signing the certificate has its certificate in this

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread Dave Vree
Well, after much pain and suffering for me it turned out to be a simple permissions problem. I believe the how-to should be changed to ensure this doesn't happen to anyone else. Problem was that my private keyfile did not provide read permissions to the group. sudo chmod g+r

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-18 Thread PeterNSteinmetz
Thanks Dave. I agree about the docs on this. Can you comment on which howto you were using?

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-11 Thread PeterNSteinmetz
Playing around with the source today and debugging slapd with gdb. It appears that much of the pain here is in tls_g.c, the wrappers for gnutls. The function tlsg_ctx_init in particular. This is where, at least for my configuration, most of the failures are occurring. And the code in this

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-10 Thread MatthiasK
Same here. I have a vanilla Jaunty install (Atom-330 with 64-bit Jaunty, if this makes any difference) and following the above instructions that Peter referenced fails for me with the same error and my ldap.conf also doesn't have this TLS_RANDFILE set.

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-06 Thread PeterNSteinmetz
Interesting. My version also was an upgrade from hardy-intrepid-jaunty. My /etc/ldap/ldap.conf doesn't contain a line about TLS_RANDFILE though, and my install doesn't report the TLS: gcry_control error, rather, there is nothing other than the main: TLS init def ctx failed: -1 complaint. I

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-05 Thread Christian Roessner
I do confirm this. And: Howard Chu still explains NOT TO USE GNUTLS with openldap! It is broken by design! Do not wonder for strange behavior, if you do not trust the core developers. http://www.openldap.org/lists/openldap-devel/200802/msg00072.html I have asked Howard a couple of days ago and

[Bug 420277] Re: ldap tls refusing to initialize

2009-09-05 Thread PeterNSteinmetz
Interesting that there is the TLS complaint through TLS: gcry_control ... Nothing like that in mine. I was looking through the source a bit last night on this. It seems that the TLS init call is returning a -1 error code under some circumstances without really throwing another error message.

[Bug 420277] Re: ldap tls refusing to initialize

2009-08-28 Thread PeterNSteinmetz
** Changed in: openldap (Ubuntu) Status: Invalid => New

[Bug 420277] Re: ldap tls refusing to initialize

2009-08-28 Thread PeterNSteinmetz
Thanks Mr. Gug. I checked this, placing the apparmor profile into complain mode with sudo aa-complain /usr/sbin/slapd. The same problem occurs with an attempt to start slapd, but there are no entries in /var/log/kern.log associated and no audit entries. I also moved the certificates and keys