[Date Prev][Date Next]
Re: TLS secure connection problem
- To: firstname.lastname@example.org
- Subject: Re: TLS secure connection problem
- From: Tamás Pisch <email@example.com>
- Date: Thu, 16 Jul 2009 12:51:10 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:content-type; bh=ZPujn0PC8LFzd5sncOPjiIzH67hrO6ZYpP8EDO1Ou2A=; b=daobGGdGg/EPOcgyHG5/n6+GcXi2+TROayVAydLi2s/GVYpYY+G7V3KPDR79Ct3UJi GtU7/tsQ11lTzSugNZ+qlgAP9ASUqpjMOZts3e1ThgldpqYKuAvzclnXAebFWq3PpiYh 6KLdT5ogzNjCOnhpmVsWjKL+PquQUBOxoWFIg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=qP0cjwmapYT10z/EBLGHhoX8tggF600KoshxN4XcNokoNhjIZWpIuqTJ1U3zHoMEDE 8hC80NsYDIY/UOCnQkZm4r4CJi9RdDq46ypFCtJcm5WIUFHiGodtJ2HN6VtEbhRCaN9C OIOsy+Y+OB5DDHfE4UsJUp6B5kpyRPgqdXu3s=
- In-reply-to: <4A5EFB56.firstname.lastname@example.org>
- References: <email@example.com> <firstname.lastname@example.org> <4A5EFB56.email@example.com>
2009/7/16 Michael Ströder <firstname.lastname@example.org>
Tamás Pisch wrote:Not sure whether that's your particular problem but on Debian OpenLDAP
> I installed Openldap 2.4.11-1 on two Debian Lenny servers (srv3, srv4),
> in mastrer-slave configuration.
is linked against GnuTLS. There have been some GnuTLS-related fixes in
OpenLDAP after 2.4.11. So you should first try to upgrade to 2.4.17 (or
convince the package maintainer to provide an update for 2.4.17).
Thanks for your advice. At first, I don't want to change the default version, just later, if nothing else will help. I found 2.4.15-1.1_amd64 On debian.org.
However, I realized that I can connect to srv3 from my Linux desktop, with Luma. First, I tried the TLS option, because I knew too about the Debian specific GnuTLS compilation. With the TLS option, it didn't work, but with the SSL option, it worked! Unfortunately, I don't know enough about ldap and SSL/TLS, so I don't know, how to take advantage of this.