Bug#618612: kaddressbook: fails to connect with SSL for LDAP to a global catalog
This may be at heart a certificate issue.
I've been trying to get kaddressbook working with SSL access to the company
LDAP; it's been failing with a dialog:
'Could not connect to host ldaps://cn%3d' [rest of URL omitted].
Running a query against the same server using the command line ldapsearch (in
ldap-utils) also failed.
The problem turned out to be that a full certificate chain is required. The
LDAP server is operating with a certificate signed by the company CA. The
company CA certificate is not trusted by the standard Debian CAs.
I created a company subdirectory in /usr/share/ca-certificates, copied the
company CA certificate into that subdirectory, ran
dpkg-reconfigure ca-certificates
and marked the company CA certificate as activated. ldapsearch then worked.
The next problem is to make KDE use the system CA certificate collection. In
/usr/share/kde4/apps/kssl I did:
mv ca-bundle.crt ca-bundle.crt.orig
ln -s /etc/ssl/certs/ca-certificates.crt ca-bundle.crt
and LDAP lookups in KAddressBook and KMail now work.
http://www.mayrhofer.eu.org/node/46 (thanks, Rene!) shows a permanent
alternative to the above that will withstand KDE upgrades.
I have the Debian Qt-KDE team KDE 4.6 packages on one machine. There I could
add the CA certificates using the Settings 'SSL Preferences' dialog. However, I
found I still needed to add the CA to the Debian list too; just adding it to
KDE wasn't sufficient.
--
Jim Hague - jim.hague@acm.org Never trust a computer you can't lift.
Reply to: