Re: OpenLDAP starts, but...

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Tuesday, March 15, 2005 4:16 PM -0800 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> At 03:53 PM 3/15/2005, Pupeno wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Noone replied anywhere, should I consider this a bug ?
>
> You are free to consider it whatever you want to.
>
> But the project won't consider it a bug in OpenLDAP Software
> without sufficient evidence that it actually is a bug in
> OpenLDAP Software.  Until you have some evidence, there
> is no point in reporting a bug as such reports will be closed.
>
> I suggest you test your certificates using purely
> OpenSSL command line tools (e.g., s_client and s_server
> talking to each other).  If they don't work there, they won't
> work in OpenLDAP Software.   And if they don't work there,
> you'd have something that the OpenSSL folks might actually
> be able to help you with.  Until you have that working, there
> is little point in discussions here.

The OpenSSL client/server work.  The OpenSSL verify command with the 
trusted CA from cacert.org works.

However, using the openssl client to request the cert from his OpenLDAP 
server does not return a cert.  Testing the same thing against my ldap 
servers returned a cert.

--Quanah



--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin