[horde] Horde LDAP TLS not working, system LDAP TLS does

Ralf Lang lang at b1-systems.de
Mon Feb 18 16:07:53 UTC 2013


On 18.02.2013 16:30, Simon Wilson wrote:
> I am going crazy with this one...
> 
> My H5 setup has been working fine for a week. Earlier in the week
> I updated the certificates that the systems use, but missed one on
> the new Horde server, and today everything stopped working with
> certificate expired errors.
> 
> I worked out where I had missed it, put it there, but now Horde
> can't auth using TLS (it has been fine):
> 
> 2013-02-18T14:56:45+00:00 EMERG: HORDE TLS not started: Connect error [pid 7145 on line 514 of "/usr/share/pear/Horde/Ldap.php"]
> 
> It drops a fatal error whenever TLS is enabled. The certs appear
> fine, and Imp using the same certs can connect to the separate IMAP
> server.
> 
> My old Horde 4 server can connect fine over TLS, so it's not the
> LDAP server.
> 
> The strange thing though is that I can ldapsearch from the new
> system using TLS:
> 
> ldapsearch -ZZ -x -b dc=simonandkate,dc=lan
> 
> Generates this on the LDAP server:
> 
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 fd=48 ACCEPT from IP=192.168.1.230:35382 (IP=0.0.0.0:389)
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=0 EXT oid=1.3.6.1.4.1.1466.20037
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=0 STARTTLS
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=0 RESULT oid= err=0 text=
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 fd=48 TLS established tls_ssf=256 ssf=256
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=1 BIND dn="" method=128
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=1 RESULT tag=97 err=0 text=
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=2 SRCH base="dc=simonandkate,dc=lan" scope=2 deref=0 filter="(objectClass=*)"
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=2 SEARCH RESULT tag=101 err=0 nentries=44 text=
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 op=3 UNBIND
> Feb 19 01:15:57 emp01 slapd[3297]: conn=2378 fd=48 closed
> 
> Yet Horde can't START_TLS.
> 
> The CA certificate file on the system is world readable - how does
> Horde find it?

Is it installed to the default certificate store? For example, under
SUSE you put it in /etc/ssl/certs and run

c_rehash /etc/ssl/certs/


-- 
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
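
What c_rehash sets up in a directory such as /etc/ssl/certs can be checked directly. The script below is an added example, not part of the original message; its function names are hypothetical and it assumes the openssl command-line tool is installed. It tests whether a CA file has a matching <subject_hash>.N entry in the directory and whether that entry is world readable.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Requires the openssl command-line tool.

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_fpr() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null
}

# ca_in_hashed_dir CAFILE CERTDIR
# Returns 0 when CERTDIR contains a <subject_hash>.N entry (the names
# c_rehash creates) that resolves to the same certificate as CAFILE and is
# world readable, so a web server user can load it. Returns 1 otherwise and
# says why on stderr.
ca_in_hashed_dir() {
    ca=$1
    dir=$2
    subj=$(openssl x509 -noout -subject_hash -in "$ca" 2>/dev/null) || {
        echo "cannot parse $ca as a PEM certificate" >&2
        return 1
    }
    want=$(cert_fpr "$ca")
    for entry in "$dir/$subj".*; do
        # Skip an unmatched glob pattern or a dangling symlink.
        [ -e "$entry" ] || continue
        # Another CA can share the hash; compare the certificate itself.
        [ "$(cert_fpr "$entry")" = "$want" ] || continue
        # -L follows the symlink so the mode of the real file is tested.
        if [ -z "$(find -L "$entry" -prune -perm -004 2>/dev/null)" ]; then
            echo "$entry exists but is not world readable" >&2
            return 1
        fi
        echo "found $entry"
        return 0
    done
    echo "no $subj.N entry for $ca in $dir; rehash the directory" >&2
    return 1
}

# Run as: sh check_ca.sh /path/to/ca.pem /etc/ssl/certs
if [ "$#" -eq 2 ]; then
    ca_in_hashed_dir "$1" "$2"
fi
```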

