[Date Prev][Date Next]
Re: OpenLDAP starts, but...
-----BEGIN PGP SIGNED MESSAGE-----
Je Mardo Marto 15 2005 23:59, Kurt D. Zeilenga skribis:
> Given this error:
> TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> I'd make sure your ciphersuite settings are sensible. Given
> that ldapsearch was able to agree on a cipher with s_server,
> particular attention to the slapd(8) cipher setting would
> be appropriate. I suggest commenting out any TLSCipherSuite
> directive that you might have in slapd.conf(5) (since you
> didn't provide a -cipher to s_server).
For most of my tests I used no TLSCipherSuite option, so, that doesn't solve
> (And, before you
> add TLSCipherSuite/TLS_CIPHER_SUITE back into to your OpenLDAP
> configuration, you test with -cipher first.)
I wouldn't know what set of ciphers to use, I've tried the ones defined by
Apache (which works) and several examples from the internet. Nothing works.
> And, if that doesn't help, example other settings. You
> should be able to translate your s_client/s_server success
> to ldapsearch/slapd success. There is a direct relationship
> between s_client/s_server options and ldapsearch/slapd
> configuration options.
Well, in that case, I could say that the defaults work for s_client/s_server
and not for ldapsearch/slapd.
> And if that doesn't help... I'd make sure you have not only
> have the latest "stable" releases of OpenLDAP and OpenSSL
> installed, but that you've installed them properly.
# epm -q openldap
# epm -q openssl
I've just let Gentoo manage the installation, it worked for other people.
Pupeno: firstname.lastname@example.org - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
-----END PGP SIGNATURE-----