Re: TLS/SSL issues

--On Thursday, February 23, 2012 5:07 PM +1100 Paul Stephens <pauls@burnet.edu.au> wrote:



Having problems getting my TLS setup working.


Current setup:

Ubuntu 11.10 (3.0.0-16 server)

A few things:

a) Ubuntu uses GnuTLS instead of the safe, secure, and sane OpenSSL. This leads to all sorts of issues when using SSL/TLS on Ubuntu. I would advise rebuilding OpenLDAP linked to OpenSSL.

b) You're using a significantly old version of OpenLDAP (unrelated, but worth being aware of). I would advise building your own OpenLDAP build against a current release.

c) You fail to state the information particularly necessary, regardless of the above, which is to note what your TLS settings in slapd are.

I would note that if you are using a self-signed certificate, it still needs a self-created CA that is known by the LDAP server, via the TLSCA settings in the configuration.



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration
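
The setup the reply describes (a self-created CA that signs the server certificate and is made known to slapd through the TLSCA settings) is shown below as an added example that is not part of the original message. It assumes the `openssl` command-line tool with its default configuration file; the hostname, CA name and paths are constructed, and the function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: create a private CA, sign a server certificate with it,
# check the chain, and print the matching slapd.conf TLS directives.
# Names and paths are constructed for illustration.

make_ca() {            # $1 = work dir, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=${2:-Example LDAP CA}" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # $1 = work dir, $2 = server FQDN (must match the name clients use)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

chain_ok() {           # $1 = CA file, $2 = certificate; succeeds only if $2 chains to $1
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

slapd_tls_conf() {     # $1 = directory holding the files; prints slapd.conf lines
    printf 'TLSCACertificateFile %s/ca.crt\n' "$1"
    printf 'TLSCertificateFile %s/server.crt\n' "$1"
    printf 'TLSCertificateKeyFile %s/server.key\n' "$1"
}

# Demo run in a scratch directory.
work=$(mktemp -d)
make_ca "$work" "Example LDAP CA"
make_server_cert "$work" ldap.example.com
if chain_ok "$work/ca.crt" "$work/server.crt"; then
    echo "server.crt verifies against ca.crt"
    slapd_tls_conf "$work"
else
    echo "chain does not verify; slapd would present a cert peers cannot validate" >&2
fi
```

Running `chain_ok` against the CA file that slapd is configured with is a quick pre-check before restarting the server; `ca.key` stays off the LDAP host.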