Re: OpenLDAP starts, but...
At 04:30 PM 3/15/2005, Quanah Gibson-Mount wrote:
>--On Tuesday, March 15, 2005 4:16 PM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
>
>>At 03:53 PM 3/15/2005, Pupeno wrote:
>>>No one replied anywhere, should I consider this a bug?
>>
>>You are free to consider it whatever you want to.
>>
>>But the project won't consider it a bug in OpenLDAP Software
>>without sufficient evidence that it actually is a bug in
>>OpenLDAP Software. Until you have some evidence, there
>>is no point in reporting a bug as such reports will be closed.
>>
>>I suggest you test your certificates using purely
>>OpenSSL command line tools (e.g., s_client and s_server
>>talking to each other). If they don't work there, they won't
>>work in OpenLDAP Software. And if they don't work there,
>>you'd have something that the OpenSSL folks might actually
>>be able to help you with. Until you have that working, there
>>is little point in discussions here.
>
>The OpenSSL client/server work.

I don't believe Pupeno has expressed this publicly yet.
As far as I can tell, he's using s_client against slapd.
Where's the evidence (or his statement) that s_client is
working against s_server (on the systems he's having
problems with)? If he's gotten s_client to work with
s_server, and verify to report no errors... then he should
say so.

And if s_client/s_server are working, what about ldapsearch(1)
to s_server?

>The OpenSSL verify command with the trusted CA from cacert.org works.

Looks to me (from his OpenSSL post) that a verify command is
returning errors.

>However, using the openssl client to request the cert from his OpenLDAP server does not return a cert. Testing the same thing against my ldap servers returned a cert.

Well, if ldapsearch(1) works to s_server on his system, and
works against your server, I'd guess his server runtime
environment is hosed. File permissions or something.

Kurt
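
The isolation steps discussed in this thread (verify the chain, then s_client against s_server with slapd out of the picture, then check file access), sketched as an added example that is not part of the original messages. The function names, the throwaway test CA, and the port are assumptions made for illustration; substitute the real CA, certificate and key files when diagnosing an actual server.

```shell
#!/bin/sh
# Added example. All certificates here are constructed test material.

# Build a throwaway CA and a server cert signed by it in directory $1.
make_test_pki() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
      -keyout ca.key -out ca.pem &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
      -keyout server.key -out server.csr &&
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key \
      -CAcreateserial -days 1 -out server.pem ) >/dev/null 2>&1
}

# Step 1: does the server cert ($2) verify against the CA file ($1)?
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Step 2: s_client against s_server using the files in $1 on port $2.
# Succeeds only if the handshake completes and the chain verifies.
handshake_ok() {
  openssl s_server -accept "$2" -cert "$1/server.pem" -key "$1/server.key" \
    -www >/dev/null 2>&1 &
  srv=$!
  rc=1
  for i in 1 2 3 4 5; do          # give the listener time to come up
    sleep 1
    out=$(openssl s_client -connect "127.0.0.1:$2" -CAfile "$1/ca.pem" \
            </dev/null 2>&1) || true
    case $out in
      *'Verify return code: 0 (ok)'*) rc=0; break ;;
    esac
  done
  kill "$srv" 2>/dev/null || true
  wait "$srv" 2>/dev/null || true
  return "$rc"
}

# Step 3: can the current user read every TLS file given as arguments?
# Only meaningful when run as the account slapd runs under.
files_readable() {
  for f in "$@"; do
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
  done
}
```

If steps 1 and 2 pass with the real files but the handshake against slapd still returns no certificate, step 3 run as slapd's runtime account covers the file-permission explanation suggested above.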