[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#618612: kaddressbook: fails to connect with SSL for LDAP to a global catalog

This may be at heart a certificate issue.

I've been trying to get kaddressbook working with SSL access to the company 
LDAP; it's been failing with a dialog:

'Could not connect to host ldaps://cn%3d' [rest of URL omitted].

Running a query against the same server using the command line ldapsearch (in 
ldap-utils) also failed.

The problem turned out to be that a full certificate chain is required. The 
LDAP server is operating with a certificate signed by the company CA. The 
company CA certificate is not trusted by the standard Debian CAs.

I created a company subdirectory in /usr/share/ca-certificates, copied the 
company CA certificate into that subdirectory, ran

dpkg-reconfigure ca-certificates

and marked the company CA certificate as activated. ldapsearch then worked.

The next problem is to make KDE use the system CA certificate collection. In 
/usr/share/kde4/apps/kssl I did:

mv ca-bundle.crt ca-bundle.crt.orig
ln -s /etc/ssl/certs/ca-certificates.crt ca-bundle.crt

and LDAP lookups in KAddressBook and KMail now work.

http://www.mayrhofer.eu.org/node/46 (thanks, Rene!) shows a permanent 
alternative to the above that will withstand KDE upgrades.

I have the Debian Qt-KDE team KDE 4.6 packages on one machine. There I could 
add the CA certificates using the Settings 'SSL Preferences' dialog. However, I 
found I still needed to add the CA to the Debian list too; just adding it to 
KDE wasn't sufficient.
Jim Hague - jim.hague@acm.org          Never trust a computer you can't lift.

Reply to: