Introduction

Bugs relating to openldap typically fall into 1 category:

1. SSL connections not working (it is most probably a good idea to read the OpenLDAP FAQ about using TLS/SSL).

A good reference for common errors is here.

How to file

SSL connections failure

If the system is unable to connect to an ldap server via an SSL connection:

Add the content of the following files (if they exists):

 /etc/ldap/ldap.conf
 ~/.ldaprc
 ~/ldaprc

Add the content of TLS_CACERT file (set in one of the files above).

Install the following packages: ldap-utils and gnutls-bin.

* Attach the output of the following command line:

$ ldapsearch -d 7 ...other options to connect to ldap-server-hostname...

Example:

$ ldapsearch -d 7 -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w adminpassword -H ldaps://ldap.example.com/

Obfuscate all relevant information (such as password, dn)

* output of the following command line:

gnutls-cli --x509cafile TLS_CACERT -p 636 ldap-server-hostname

Example:

gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p 636 ldap.example.com

Relevant package versions

Provide the output of the following command:

$ dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | egrep 'slapd|ldap|gnutls'

Debugging procedure

How to Triage

Stock Reply

SSL connections failure

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it without more information. 

Please include the information requested at https://wiki.ubuntu.com/DebuggingOpenldap#ssl-client-failure.

How to Forward

Known bugs

Non-bugs

CategoryBugSquad CategoryDebugging