[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: ldap and tls



On Tue, Mar 31, 2009 at 01:38:29PM -0700, Maria McKinley wrote:
> Predrag Gavrilovic wrote:
>

[snip]

> > Try stoping slapd, put certificate information in config file, and
> > start slapd manualy with debugging "slapd -u openldap  -g openldap -h
> > ldapi:/// -d255". Are there more indicative error messages?
>
> Here is what I believe are the relevant lines
>
> TLS: could not set cipher list HIGH.
> main: TLS init def ctx failed: -1

maybe the cypher suite names have changed from openssl to gnutls,
another catch I have found is that gnutls doesn't support encrypted
private keys!  I find this to be a pain, why use a private key if you
can't encrypt it - which is why I compile my own ldap libraries against
openssl



> slapd destroy: freeing system resources.
> slapd stopped.
> connections_destroy: nothing to destroy.
>

[snip]

>
> thanks for the help,
> maria
>
>
>
>

-- 
"I hope I--I don't want to sound like I've made no mistakes. I'm confident I have. I just haven't--you just put me under the spot here, and maybe I'm not as quick on my feet as I should be in coming up with one."

	- George W. Bush
04/03/2004
Washington, DC
Press Conference - after being asked to name the biggest mistake he had made

Attachment: signature.asc
Description: Digital signature


Reply to: