Kurt Yoder wrote:
Hello all,
On Ubuntu, I have set up an LDAP server and am authenticating to it over SSL for my LDAP queries. I had it working on previous Ubuntu releases, but something seems to have changed in the newest release (maybe this: http://www.debian-administration.org/users/dkg/weblog/42). I am having trouble figuring out exactly what is breaking.
Some background: I have set up my own CA and generated a certificate for it, which the LDAP server is using. Without specifying this CA, I get "self-signed certificate" errors when connecting:
My OpenLDAP is version 2.4.15 on Ubuntu Jaunty. Interestingly, I had the same message about self-signed certificates on previous Ubuntu versions, but querying LDAP with "TLS_REQCERT demand" works fine.
Always START by listing your software versions, don't bury them towards the bottom of your email.
The GnuTLS issues with X.509v1 certs were fixed in 2.4.16, so you need to upgrade.