Eric Falbe wrote:
Yes, the openldap rpm was just updated, but it did not take effect until the slapd deamon was restarted. I have not explicitly tried to use the Mozilla NSS database, I did not use the TLSCADIR(?) attribute and instead used: olcTLSCertificateFile , olcTLSCertificateKeyFile, and olcTLSCACertificateFile.
I will look into that bug and the documentation you pointed me at.
For the record, RedHat uses Mozilla NSS, not GnuTLS. But regardless, neither is recommended. Quoting from the bug report linked below:
https://bugzilla.redhat.com/show_bug.cgi?id=707599#c56
"Finally, I have a solution, there were too many bugs which were complicating this:"
The referenced bugs were eventually fixed, but myriad problems remain and MozNSS itself is fundamentally broken by design; or rather, it was designed for single-user web browsers and was never meant to be used as a system library that multi-user services depend on. If you enjoy pounding square pegs into round holes, you can keep trying to use OpenLDAP as built by RedHat, but most sensible people will use something that's actually fit for the purpose.
Thanks Eric Falbe
On Thu, Mar 6, 2014 at 5:29 PM, Terje Trane <terjet@funcom.com mailto:terjet@funcom.com> wrote:
On 05.03.2014 22:27, Eric Falbe wrote: I have attempted to rebuild the database backend (with slapcat and slapadd), but am still getting this same error. I have my ssl (self-signed) certificates located in /etc/pki/tls/certs/ldap.__cassens.com.pem /etc/pki/tls/tls/certa/ca.pem /etc/pki/tls/private/ldap.__cassens.comKey.pem These certificates worked fine up untill today, does anyone have any insight on where to look to being troubleshooting this issue? Just a guess, but was the openldap rpm just updated? (or the service just restarted for the first time after a previous update). Could this be related to RedHat/CentOS rpms deciding to start using GnuTLS instead of OpenSSL? Try searching in their bug databases. E.g.: https://bugzilla.redhat.com/__show_bug.cgi?id=707599 <https://bugzilla.redhat.com/show_bug.cgi?id=707599> --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com