I have kaddressbook working fine with my openldap directory, but when I try to enable TLS security it fails. More precisely, when I go to Settings=>Configure KAddressBook =>LDAP Lookup, choose my host www.xyz.com (say), click on Security: TLS and press Query Server I get the message "LDAP server returned the error: Not Supported". On the other hand, I seem able to run ------------------------------------------- [tim@elizabeth ~]$ ldapsearch -x -ZZ ... # www.xyz.com dn: dc=www,dc=xyz,dc=com dc: www objectClass: top objectClass: domain ... # Address Book, www.xyz.com dn: ou=Address Book,dc=www,dc=xyz,dc=com objectClass: organizationalUnit ou: Address Book ... # search result search: 3 result: 0 Success # numResponses: 216 # numEntries: 215 ------------------------------------------- which suggests to me (but I may be wrong?) that TLS is working OK with ldap. Also, I seem able to connect: ------------------------------------------- [tim@elizabeth ~]$ openssl s_client -connect www.xyz.com:ldap CONNECTED(00000003) ------------------------------------------- The simplest explanation would be that kaddressbook was compiled without openldap/TLS enabled, if that is possible? Or maybe I am already using TLS? I have ------------------------------------------- TLS_REQCERT demand TLS_CACERT /etc/pki/tls/certs/cacert.pem ------------------------------------------- in /etc/openldap/ldap.conf on my laptop, which I would have thought would force TLS usage. (cacert.pem is the root certificate I got from CAcert.org , who certified my key.) As will probably be clear, I am not quite a newbie on openssl and openldap, but neither am I an expert. Incidentally, I do now have the recommended book on LDAP administration by Gerald Carter, which I am finding very instructive, but which has not elucidated this particular point. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
