
libnss-ldap and slapd (was: TLS configuration needs client certification (why?))




On Aug 15, 2007, at 9:00 AM, Frank Cornelissen wrote:

Hello all,

Why does slapd require a peer/client certificate? I'm running slapd 2.3.30 on Debian (package 2.3.30-5 to be precise).

When connecting with SSL to slapd using

        ldapsearch -H ldaps://artemis.t310.org -b dc=t310,dc=org -x

I get the following error from slapd (started with -d 8):

TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2455



<snip>

After some debugging, this seems to be caused by the fact that on this machine libnss-ldap is enabled. This library will be loaded and will set some libldap options which seem to be global and thus interfering with the options from slapd. Anybody got an idea how to solve this, apart from setting up a separate machine for openldap?

Thanks in advance,

Frank Cornelissen