Re: OpenLDAP starts, but...

On Tuesday, March 15 2005 23:59, Kurt D. Zeilenga wrote:
> Given this error:
>   TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> I'd make sure your ciphersuite settings are sensible.  Given
> that ldapsearch was able to agree on a cipher with s_server,
> particular attention to the slapd(8) cipher setting would
> be appropriate.  I suggest commenting out any TLSCipherSuite
> directive that you might have in slapd.conf(5) (since you
> didn't provide a -cipher to s_server).
For most of my tests I used no TLSCipherSuite option, so, that doesn't solve 

> (And, before you 
> add TLSCipherSuite/TLS_CIPHER_SUITE back into your OpenLDAP
> configuration, you test with -cipher first.)
I wouldn't know what set of ciphers to use, I've tried the ones defined by 
Apache (which works) and several examples from the internet. Nothing works.

> And, if that doesn't help, examine other settings.  You
> should be able to translate your s_client/s_server success
> to ldapsearch/slapd success.  There is a direct relationship
> between s_client/s_server options and ldapsearch/slapd
> configuration options.
Well, in that case, I could say that the defaults work for s_client/s_server 
and not for ldapsearch/slapd.

> And if that doesn't help... I'd make sure you not only
> have the latest "stable" releases of OpenLDAP and OpenSSL
> installed, but that you've installed them properly.
# epm -q openldap
# epm -q openssl
I've just let Gentoo manage the installation, it worked for other people.

Thank you.
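
The direct relationship between s_client/s_server options and ldapsearch/slapd settings mentioned in the quoted advice, as an added example that is not part of the original thread: a shell helper that reads the TLS directives from a slapd.conf or ldap.conf and prints the matching openssl test command. The function names and sample paths are made up for illustration; the directive names other than TLSCipherSuite/TLS_CIPHER_SUITE are the standard OpenLDAP ones and do not appear in the thread.

```shell
#!/bin/sh
# Translate OpenLDAP TLS directives into the equivalent openssl test command,
# so the exact slapd/ldapsearch settings can be replayed with s_server/s_client.
# Assumes one directive per line, unquoted values, no whitespace in paths.

# tls_opts FILE CERT KEY CA CIPHER: print the openssl options for the
# directives named by the last four arguments, in the order they appear.
# Commented-out directives ("#TLSCipherSuite ...") are skipped.
tls_opts() {
    opts=
    while read -r name value _ || [ -n "$name" ]; do
        case $name in
            "$2") opts="$opts -cert $value" ;;
            "$3") opts="$opts -key $value" ;;
            "$4") opts="$opts -CAfile $value" ;;
            "$5") opts="$opts -cipher $value" ;;
        esac
    done < "$1"
    printf '%s' "$opts"
}

# slapd_to_s_server SLAPD_CONF [PORT]
slapd_to_s_server() {
    printf 'openssl s_server -accept %s%s\n' "${2:-4433}" \
        "$(tls_opts "$1" TLSCertificateFile TLSCertificateKeyFile \
                         TLSCACertificateFile TLSCipherSuite)"
}

# ldapconf_to_s_client LDAP_CONF [HOST:PORT]
ldapconf_to_s_client() {
    printf 'openssl s_client -connect %s%s\n' "${2:-localhost:4433}" \
        "$(tls_opts "$1" TLS_CERT TLS_KEY TLS_CACERT TLS_CIPHER_SUITE)"
}

demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# constructed sample slapd.conf fragment
TLSCertificateFile /etc/ssl/ldap/server.pem
TLSCertificateKeyFile /etc/ssl/ldap/server.key
TLSCACertificateFile /etc/ssl/ldap/ca.pem
#TLSCipherSuite HIGH:MEDIUM
EOF
    slapd_to_s_server "$conf" 4433
    rm -f "$conf"
}
demo
```

Because the TLSCipherSuite line in the sample is commented out, the printed s_server command carries no -cipher option, which matches the first test suggested in the quoted advice.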
