Bug#618612: kaddressbook: fails to connect with SSL for LDAP to a global catalog
This may be at heart a certificate issue.
I've been trying to get kaddressbook working with SSL access to the company
LDAP; it's been failing with a dialog:
'Could not connect to host ldaps://cn%3d' [rest of URL omitted].
Running a query against the same server using the command line ldapsearch (in
ldap-utils) also failed.
The problem turned out to be that a full certificate chain is required. The
LDAP server is operating with a certificate signed by the company CA. The
company CA certificate is not trusted by the standard Debian CAs.
I created a company subdirectory in /usr/share/ca-certificates, copied the
company CA certificate into that subdirectory, ran
and marked the company CA certificate as activated. ldapsearch then worked.
The next problem is to make KDE use the system CA certificate collection. In
/usr/share/kde4/apps/kssl I did:
mv ca-bundle.crt ca-bundle.crt.orig
ln -s /etc/ssl/certs/ca-certificates.crt ca-bundle.crt
and LDAP lookups in KAddressBook and KMail now work.
http://www.mayrhofer.eu.org/node/46 (thanks, Rene!) shows a permanent
alternative to the above that will withstand KDE upgrades.
I have the Debian Qt-KDE team KDE 4.6 packages on one machine. There I could
add the CA certificates using the Settings 'SSL Preferences' dialog. However, I
found I still needed to add the CA to the Debian list too; just adding it to
KDE wasn't sufficient.
Jim Hague - firstname.lastname@example.org Never trust a computer you can't lift.