Comment 4 for bug 306897

Steve Wilson (stevew) wrote :

I had the same problem as originally posted. I am running a Subversion server in an OpenVZ container (2.6.24-21-openvz) with latest updates to libgnutls13. My Subversion server also authenticates using LDAP SSL. Initially, authentication would work correctly but then after a period of time it would start failing with errors like the following showing up in the Apache logs:
    [Fri Dec 12 17:17:14 2008] [warn] [client XXX.XXX.XXX.XXX] [17128] auth_ldap authenticate: user XXX authentication failed; URI /svn/project [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

Once LDAP authentication began failing, it required a reboot of the Apache service to function normally again.

Reverting to a previous libgnutls13 (2.0.4-1ubuntu2 instead of 2.0.4-1ubuntu2.3) seemed to correct the problem. But I still saw unusual messages like:
    [Wed Dec 17 09:41:53 2008] [warn] [client XXX.XXX.XXX.XXX] [9506] auth_ldap authenticate: user XXX authentication failed; URI /svn/project [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
when invalid credentials were supplied.

I noticed this post:
    http://the.unwashedmeme.com/blog/2008/08/08/mod_ldap-ldapverifyservercert-simple-bind-failed/
and decided to try disabling LDAP server verification in the Apache configuration (default is enabled):
    LDAPVerifyServerCert Off

That seems to have corrected the problem for me. I am now up to the current version of libgnutls13, LDAP authentication works, and I don't see "Can't contact LDAP server" messages in my logs any more.

So, perhaps the original problem is due to there being something wrong with the LDAP server certificates (e.g., the file is missing, the permissions are incorrect, etc.).

Hope that's of some help!

Steve
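
An added example, not part of the comment above or of Apache's own code: a small Python audit that flags the `LDAPVerifyServerCert Off` workaround and checks the certificate-file causes the comment suspects (file missing, permissions incorrect). `LDAPTrustedGlobalCert` is a real mod_ldap directive that the comment does not mention; the sample configuration, its path and the finding codes are constructed for illustration.

```python
import os
import re

# Real mod_ldap directives; LDAPTrustedGlobalCert does not appear in the comment.
DIRECTIVE = re.compile(
    r"^\s*(LDAPVerifyServerCert|LDAPTrustedGlobalCert)\s+(.+?)\s*$", re.I)

# Constructed sample configuration; the CA path is a placeholder.
SAMPLE = """\
# LDAPVerifyServerCert On
LDAPVerifyServerCert Off
LDAPTrustedGlobalCert CA_BASE64 /placeholder/ldap-ca.pem
"""

def audit_ldap_tls(config_text):
    """Return (code, detail) findings for mod_ldap certificate settings."""
    verify, certs, findings = "on", [], []   # verification is on by default
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)            # commented-out lines do not match
        if not m:
            continue
        args = m.group(2).split()            # assumes paths without spaces
        if m.group(1).lower() == "ldapverifyservercert":
            verify = args[0].lower()
        elif len(args) >= 2:                 # LDAPTrustedGlobalCert <type> <file>
            certs.append((args[0].upper(), args[1].strip('"')))
    if verify == "off":
        findings.append(("verify-off", "LDAP server certificate is not checked"))
    for kind, path in certs:
        if not os.path.isfile(path):
            findings.append(("ca-missing", path))
        elif not os.access(path, os.R_OK):
            findings.append(("ca-unreadable", path))
        elif kind == "CA_BASE64":            # PEM files carry this marker
            with open(path, errors="replace") as fh:
                if "-----BEGIN CERTIFICATE-----" not in fh.read():
                    findings.append(("ca-not-pem", path))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ldap_tls(SAMPLE):
        print(code, detail)
```

Run it as the account Apache runs under, so the readability check reflects what the server itself can open.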