On Tue, 2008-05-13 at 14:35 +0100, Timothy Murphy wrote: > I have kaddressbook working fine with my openldap directory, > but when I try to enable TLS security it fails. > > More precisely, when I go to Settings=>Configure KAddressBook > =>LDAP Lookup, choose my host www.xyz.com (say), > click on Security: TLS and press Query Server > I get the message "LDAP server returned the error: Not Supported". > > On the other hand, I seem able to run > ------------------------------------------- > [tim@elizabeth ~]$ ldapsearch -x -ZZ > ... > # www.xyz.com > dn: dc=www,dc=xyz,dc=com > dc: www > objectClass: top > objectClass: domain > ... > # Address Book, www.xyz.com > dn: ou=Address Book,dc=www,dc=xyz,dc=com > objectClass: organizationalUnit > ou: Address Book > ... > # search result > search: 3 > result: 0 Success > > # numResponses: 216 > # numEntries: 215 > ------------------------------------------- > which suggests to me (but I may be wrong?) > that TLS is working OK with ldap. > > Also, I seem able to connect: > ------------------------------------------- > [tim@elizabeth ~]$ openssl s_client -connect www.xyz.com:ldap > CONNECTED(00000003) > ------------------------------------------- > > The simplest explanation would be that kaddressbook was compiled > without openldap/TLS enabled, if that is possible? > > Or maybe I am already using TLS? > I have > ------------------------------------------- > TLS_REQCERT demand > TLS_CACERT /etc/pki/tls/certs/cacert.pem > ------------------------------------------- > in /etc/openldap/ldap.conf on my laptop, > which I would have thought would force TLS usage. > (cacert.pem is the root certificate I got from CAcert.org , > who certified my key.) > > As will probably be clear, I am not quite a newbie on openssl and openldap, > but neither am I an expert. > > Incidentally, I do now have the recommended book on LDAP administration > by Gerald Carter, which I am finding very instructive, > but which has not elucidated this particular point. ---- kaddressbook is capable of a TLS session. You might try TLS_REQCERT allow but I doubt that is your issue. I think that you need to choose 'plain' (possibly login but I think plain), to use TLS on Kaddressbook. You can always increase your logging level on slapd to tell you where it fails Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
