[horde] Horde LDAP TLS not working, system LDAP TLS does

Simon Wilson simon at simonandkate.net
Mon Feb 18 15:30:43 UTC 2013 

I am going crazy with this one...

My H5 setup has been working fine for a week. Earlier in the week I  
updated the certificates that the systems use, but missed one on the  
new Horde server, and today everything stopped working with  
certificate expired errors.

I worked out where I had missed it, put it there, but now Horde can't  
auth using TLS (it has been fine):

2013-02-18T14:56:45+00:00 EMERG: HORDE TLS not started: Connect error  
[pid 7145 on line 514 of "/usr/share/pear/Horde/Ldap.php"]

It drops a fatal error whenever TLS is enabled. The certs appear fine,  
and Imp using the same certs can connect to the separate IMAP server.

My old Horde 4 server can connect fine over TLS, so it's not the LDAP server.

The strange thing though is that I can ldapsearch from the new system  
using TLS:

ldapsearch -ZZ -x -b dc=simonandkate,dc=lan

Generates this on the LDAP server:

Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 fd=48 ACCEPT from  
IP=192.168.1.230:35382 (IP=0.0.0.0:389)
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=0 EXT  
oid=1.3.6.1.4.1.1466.20037
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=0 STARTTLS
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=0 RESULT oid= err=0 text=
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 fd=48 TLS established  
tls_ssf=256 ssf=256
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=1 BIND dn="" method=128
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=1 RESULT tag=97 err=0 text=
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=2 SRCH  
base="dc=simonandkate,dc=lan" scope=2 deref=0 filter="(objectClass=*)"
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=2 SEARCH RESULT  
tag=101 err=0 nentries=44 text=
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=3 UNBIND
Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 fd=48 closed

Yet Horde can't START_TLS.

The CA certificate file on the system is world readable - how does  
Horde find it?

Can anyone help please, I have checked what appear to be obvious  
things and am drawing a blank at this point...

Simon.

--
Simon Wilson
M: 0400 12 11 16
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL: <http://lists.horde.org/archives/horde/attachments/20130218/53d7aef0/attachment.bin>

More information about the horde mailing list