DebuggingOpenldap

Revision 1 as of 2009-03-09 22:54:47

Debugging Central

This page is part of the debugging series — pages with debugging details for a variety of Ubuntu packages.

Introduction

Bugs relating to openldap typically fall into X categories:

  1. SSL connections not working.

How to file

SSL connections failure

If the system is unable to connect to an LDAP server via an SSL connection:

Add the content of the following files (if they exist):

  • /etc/ldap/ldap.conf
  • ~/.ldaprc
  • ~/ldaprc

Add the content of the file that TLS_CACERT points to (TLS_CACERT is set in one of the files above).

Install the following packages: ldap-utils and gnutls-bin.

Attach the output of the following command line:

$ ldapsearch -d 1 ...other options to connect to ldap-server-hostname...

Example:

$ ldapsearch -d 1 -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w adminpassword -H ldaps://ldap.example.com/

Obfuscate all sensitive information (such as the password and DN) before attaching the output.

Attach the output of the following command line:

$ gnutls-cli --x509cafile TLS_CACERT -p 636 ldap-server-hostname

Example:

$ gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p 636 ldap.example.com
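
The collection and obfuscation steps above as a shell script; this is an added example, not part of the original wiki page. The function names are hypothetical, and only DNs and the -w password are redacted, so review the result before attaching it.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.
# Attribute types treated as the start of a DN component (assumption: extend
# this list if your directory uses others).
rdn='([Cc][Nn]|[Dd][Cc]|[Oo][Uu]|[Uu][Ii][Dd])=[^,"[:space:]]+'

# Filter stdin: replace DNs with <DN> and the argument of -w with <PASSWORD>.
redact_ldap() {
    sed -E \
        -e "s/(^|[^[:alnum:]_])${rdn}(,[[:space:]]*${rdn})*/\1<DN>/g" \
        -e 's/(^|[[:space:]])(-w[[:space:]]+)[^[:space:]]+/\1\2<PASSWORD>/g'
}

# Print "file: path" for every TLS_CACERT line in the readable files given,
# so the CA file referenced there can be attached too. Comment lines are skipped.
tls_cacert_entries() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" 'toupper($1) == "TLS_CACERT" { print f ": " $2 }' "$f"
    done
}

# Print each readable file under a header, passed through the redaction filter.
collect_ldap_config() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        printf '==> %s <==\n' "$f"
        redact_ldap < "$f"
    done
}

# Constructed sample: the example command line from this page.
sample='ldapsearch -d 1 -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w adminpassword -H ldaps://ldap.example.com/'
printf '%s\n' "$sample" | redact_ldap
# Typical use on a real system (paths are the ones listed above):
#   collect_ldap_config /etc/ldap/ldap.conf ~/.ldaprc ~/ldaprc > ldap-config.txt
#   tls_cacert_entries  /etc/ldap/ldap.conf ~/.ldaprc ~/ldaprc
#   ldapsearch -d 1 ... 2>&1 | redact_ldap > ldapsearch-debug.txt
```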

Debugging procedure

How to Triage

Stock Reply

SSL connections failure