Re: OpenLDAP starts, but...

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 04:30 PM 3/15/2005, Quanah Gibson-Mount wrote:


>--On Tuesday, March 15, 2005 4:16 PM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
>
>>At 03:53 PM 3/15/2005, Pupeno wrote:
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA1
>>>
>>>Noone replied anywhere, should I consider this a bug ?
>>
>>You are free to consider it whatever you want to.
>>
>>But the project won't consider it a bug in OpenLDAP Software
>>without sufficient evidence that it actually is a bug in
>>OpenLDAP Software.  Until you have some evidence, there
>>is no point in reporting a bug as such reports will be closed.
>>
>>I suggest you test your certificates using purely
>>OpenSSL command line tools (e.g., s_client and s_server
>>talking to each other).  If they don't work there, they won't
>>work in OpenLDAP Software.   And if they don't work there,
>>you'd have something that the OpenSSL folks might actually
>>be able to help you with.  Until you have that working, there
>>is little point in discussions here.
>
>The OpenSSL client/server work.

I don't believe Pupeno has expressed this publicly yet.
As far as I can tell, he's using s_client against slapd.
Where's the evidence (or his statement) that s_client is
working against s_server (on the systems he's having
problems with)?  If he's gotten s_client to work with
s_server, and verify to report no errors... then he should
say so.

And if s_client/s_server are working, what about ldapsearch(1)
to s_server?

>The OpenSSL verify command with the trusted CA from cacert.org works.

Looks to me (from his OpenSSL post) that a verify command is
returning errors.

>However, using the openssl client to request the cert from his OpenLDAP server does not return a cert.  Testing the same thing against my ldap servers returned a cert.

Well, if ldapsearch(1) works to s_server on his system, and
works against your server, I'd guess his server runtime
environment hosed.  File permissions or something.

Kurt