
Re: Re: ldap and tls

On Tue, Mar 31, 2009 at 01:38:29PM -0700, Maria McKinley wrote:
> Predrag Gavrilovic wrote:


> > Try stopping slapd, put certificate information in config file, and
> > start slapd manually with debugging "slapd -u openldap  -g openldap -h
> > ldapi:/// -d255". Are there more indicative error messages?
> Here is what I believe are the relevant lines
> TLS: could not set cipher list HIGH.
> main: TLS init def ctx failed: -1

Maybe the cipher suite names have changed from openssl to gnutls,
another catch I have found is that gnutls doesn't support encrypted
private keys!  I find this to be a pain, why use a private key if you
can't encrypt it - which is why I compile my own ldap libraries against

> slapd destroy: freeing system resources.
> slapd stopped.
> connections_destroy: nothing to destroy.


> thanks for the help,
> maria

"I hope I--I don't want to sound like I've made no mistakes. I'm confident I have. I just haven't--you just put me under the spot here, and maybe I'm not as quick on my feet as I should be in coming up with one."

	- George W. Bush
Washington, DC
Press Conference - after being asked to name the biggest mistake he had made
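
An added example, not part of the original message: a small Python check for the two GnuTLS pitfalls this reply names, an OpenSSL-style keyword such as HIGH in TLSCipherSuite and a passphrase-protected private key. The sample config, key header, paths and function names are constructed for illustration, and which TLS library slapd is linked against is passed in by the caller as an assumption.

```python
import re

# OpenSSL cipher-list keywords; per the reply, a GnuTLS-linked slapd may reject them.
OPENSSL_KEYWORDS = {"HIGH", "MEDIUM", "LOW", "ALL", "DEFAULT"}

# Constructed sample input (not taken from the thread).
SAMPLE_CONF = """\
# constructed slapd.conf fragment
TLSCertificateFile    /etc/ssl/certs/ldap.pem
TLSCertificateKeyFile /etc/ssl/private/ldap.key
TLSCipherSuite        HIGH
"""
# Constructed PEM header only; no key material included.
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"


def tls_directives(conf_text):
    """Return {lowercased directive: value} for TLS* lines in slapd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower().startswith("tls"):
            found[parts[0].lower()] = parts[1].strip()
    return found


def key_is_encrypted(pem_text):
    """True for passphrase-protected PEM keys (legacy or PKCS#8 form)."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "BEGIN ENCRYPTED PRIVATE KEY" in pem_text)


def check(conf_text, key_pem, tls_library):
    """tls_library is 'gnutls' or 'openssl' (assumed known, e.g. from ldd)."""
    issues = []
    if tls_library != "gnutls":
        return issues  # only the GnuTLS pitfalls from the reply are checked
    suite = tls_directives(conf_text).get("tlsciphersuite", "")
    tokens = {t.lstrip("!+-") for t in re.split(r"[:\s,]+", suite)}
    bad = sorted(tokens & OPENSSL_KEYWORDS)
    if bad:
        issues.append("cipher:" + ",".join(bad))
    if key_is_encrypted(key_pem):
        issues.append("encrypted-key")
    return issues
```
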
