[Date Prev][Date Next] [Chronological] [Thread] [Top]

fails to start ldaps://

To: openldap-technical@openldap.org
Subject: fails to start ldaps://
From: owen nirvana <freeespeech@gmail.com>
Date: Wed, 30 Jun 2010 19:30:28 +0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:from:date :message-id:subject:to:content-type; bh=wTU+dvnwbcnvktcSODqp3eaTltr9sNvlyWH3Cuf8sJE=; b=ROP/zgtcbTtemvsX49d5ZxIJtTba2CUidscEDer0TEH72NN39ze7wpZ03Hz6j0VOip tkSyIJf0i8/y2QCkBnsGI+Eb149p4t31J0V1mRHhNcZ8Yxdlhu6zleDvJRWjGbnP0EcH MLycYqS0Ieh/1uyx2bdPUtFxgEJgC12aZ5zb0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=KKAsaMjeRrsVGsgWb9f24Akw97X5Mg8SfbK27RCSRgZLroLrbDVNisogRF7MeoTZbG f3vKnvboTZS5OfMaycECOl9n9sC2832RdHd7pE0V8dczm1sREwgd8aGnZ633iybUm6BO 8BzqyGJjhdEawDJfgks00GbVuXfGiTCW2utKM=

it's openldap-2.4.17 in debian testing
I try to config slapd.conf to use ldap ssl.

TLSCACertificateFile cacert.pem
TLSCertificateFile ldapclient.pem
TLSCertificateKeyFile ldapclientkey.pem
TLSVerifyClient never

I could not start slapd after I config TLS in slapd.conf, error info is "Main: TLS init def ctx failed: -69"

the OpenLDAP Admin Guide only mentions CipherSuite in OpenSSL, not GnuTLS. Steve Langasek advice leave TLSCipherSuite blank(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462588), and I do config so.

But if I config some specific CipherSuite or just "ALL", error info will be "TLS: could not set cipher list ALL. Main: TLS init def ctx failed: -1"

gtalk:freeespeech@gmail.com

Prev by Date: LDAP proxy with local database
Next by Date: Re: ACL to allow an attribute to be cleared, but not changed to something else?
Index(es):
- Chronological
- Thread