DebuggingOpenldap
Size: 3456
Comment:
|
Size: 3947
Comment: added FAQ link for using TLS/SSL
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
Bugs relating to openldap typically fall into X categories: 1. SSL connections not working. |
Bugs relating to openldap typically fall into 1 category: 1. SSL connections not working (it is most probably a good idea to read the OpenLDAP FAQ about [[http://www.openldap.org/faq/data/cache/185.html|using TLS/SSL]]). |
Line 18: | Line 18: |
* /etc/ldap/ldap.conf * ~/.ldaprc *~/ldaprc |
{{{ /etc/ldap/ldap.conf ~/.ldaprc ~/ldaprc }}} |
Line 22: | Line 24: |
Add the content of TLS_CACERT file (set in one of the files above). | Add the content of {{{TLS_CACERT file}}} (set in one of the files above). |
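Review bot: On the new side the word "file" sits inside the code markup ({{{TLS_CACERT file}}}), so it renders as if it were part of the option name. Close the markup after the option and keep "file" as plain text: {{{TLS_CACERT}}} file.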
Line 28: | Line 30: |
$ ldapsearch -d 1 ...other options to connect to ldap-server-hostname... | $ ldapsearch -d 7 ...other options to connect to ldap-server-hostname... |
Line 33: | Line 35: |
$ ldapsearch -d 1 -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w adminpassword -H ldaps://ldap.example.com/ | $ ldapsearch -d 7 -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w adminpassword -H ldaps://ldap.example.com/ |
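Review bot: The example on the new side still passes the bind password on the command line (-w adminpassword), and this command plus its -d 7 output is what reporters are asked to attach to a bug. Consider showing -W (prompt for the password) in the example instead, or stating right next to the example that the password and DNs must be redacted from both the command line and the attached output.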
Line 48: | Line 50: |
Relevant package versions Provide the output of the following command: {{{ $ dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | egrep 'slapd|ldap|gnutls' }}} |
|
Line 60: | Line 70: |
=== SSL connections failure === | ## StockReplyStart ==== SSL connections failure ==== |
Line 63: | Line 75: |
Thank you for taking the time to report this bug and helping to make Ubuntu better. | Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it without more information. |
Line 65: | Line 77: |
Could you provide the following information | Please include the information requested at https://wiki.ubuntu.com/DebuggingOpenldap#ssl-client-failure. }}} ## StockReplyEnd |
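Review bot: The new stock reply links to #ssl-client-failure, but no visible hunk adds an anchor with that name and the section heading reads "SSL connections failure". Check that the anchor exists on the page, otherwise the link will not take reporters to the requested information. The }}} before ## StockReplyEnd also has no opening {{{ in this hunk, so confirm it pairs with one in the unchanged lines.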
This page is part of the debugging series — pages with debugging details for a variety of Ubuntu packages.
Introduction
Bugs relating to openldap typically fall into 1 category:
SSL connections not working (it is most probably a good idea to read the OpenLDAP FAQ about using TLS/SSL).
How to file
SSL connections failure
If the system is unable to connect to an ldap server via an SSL connection:
Add the content of the following files (if they exist):
/etc/ldap/ldap.conf
~/.ldaprc
~/ldaprc
Add the content of the TLS_CACERT file (set in one of the files above).
Install the following packages: ldap-utils and gnutls-bin.
Attach the output of the following command line:
$ ldapsearch -d 7 ...other options to connect to ldap-server-hostname...
Example:
$ ldapsearch -d 7 -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w adminpassword -H ldaps://ldap.example.com/
Obfuscate all relevant information (such as password, dn).
Attach the output of the following command line:
gnutls-cli --x509cafile TLS_CACERT -p 636 ldap-server-hostname
Example:
gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p 636 ldap.example.com
Relevant package versions
Provide the output of the following command:
$ dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | egrep 'slapd|ldap|gnutls'
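The lookup of TLS_CACERT and the obfuscation step above can be scripted. The following is an added example, not part of the original wiki page: the function names find_tls_cacert and redact are hypothetical, the sample files are constructed, and it assumes files are listed lowest priority first so that a user file overrides /etc/ldap/ldap.conf.

```shell
#!/bin/sh
# Added example: helpers for preparing the attachments requested above.

# find_tls_cacert FILE...
# Print the TLS_CACERT path from the last listed file that sets it.
# Assumption: files are passed lowest priority first (system, then user files).
find_tls_cacert() {
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip files that do not exist
        # Option names are case-insensitive; commented-out lines do not match.
        awk 'toupper($1) == "TLS_CACERT" { print $2 }' "$f"
    done | tail -n 1
}

# redact SECRET...
# Copy stdin to stdout with every literal SECRET replaced by [REDACTED].
redact() {
    SECRETS=$(printf '%s\n' "$@") awk '
        BEGIN { n = split(ENVIRON["SECRETS"], s, "\n") }
        {
            line = $0
            for (i = 1; i <= n; i++) {
                if (s[i] == "") continue
                out = ""
                # Consume the line left to right so a replaced span is never rescanned.
                while ((p = index(line, s[i])) > 0) {
                    out = out substr(line, 1, p - 1) "[REDACTED]"
                    line = substr(line, p + length(s[i]))
                }
                line = out line
            }
            print line
        }'
}

# Demo on constructed input (no LDAP server is contacted).
demo() {
    d=$(mktemp -d) || return 1
    printf 'BASE dc=example,dc=com\n#TLS_CACERT /old/ca.pem\n' > "$d/ldap.conf"
    printf 'tls_cacert /etc/ssl/certs/ca-certificates.crt\n' > "$d/.ldaprc"
    find_tls_cacert "$d/ldap.conf" "$d/.ldaprc" "$d/ldaprc"
    printf '%s\n' 'ldapsearch -d 7 -D "cn=admin,dc=example,dc=com" -x -w adminpassword' |
        redact adminpassword 'cn=admin,dc=example,dc=com'
    rm -rf "$d"
}
demo
```

Literal matching will not catch a value that the debug output shows split or hex-encoded, so read the redacted text before attaching it.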
Debugging procedure
How to Triage
Stock Reply
SSL connections failure
Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it without more information. Please include the information requested at https://wiki.ubuntu.com/DebuggingOpenldap#ssl-client-failure.
How to Forward
Known bugs
Non-bugs
DebuggingOpenldap (last edited 2010-07-13 20:35:08 by pool-71-252-251-234)