Improved description of permissions for openldap using TLS
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ubuntu-docs (Ubuntu) | | Undecided | Adam Sommer | |
Bug Description
Binary package hint: ubuntu-docs
With the use of GNUtls users often encounter an error of the form "main: TLS init def ctx failed: -1" without further explanation (which was available with openssl). Witness for example https:/
To help avoid this, I've updated the notes on the network authentication page regarding the use of certificates and items to check, revno 354 of ubuntu-doc.
PeterNSteinmetz (ndoc2) wrote (#2):
Yes, indeed. I guess I'm not familiar enough with bazaar version control. I obtained a copy of the docs, modified and performed a commit with a message, giving me rev # 354. But I take it that must not propagate the change.
I was trying to follow the instructions in the bugs playbook at:
https:/
but the command 'bzr diff > diffname.txt' near the end didn't give anything.
Subsequently, I've generated a differences file using 'bzr diff -r 353 > changes.txt', which seems to contain the differences, and I attach here.
Please let me know if there was some other more proper way of accomplishing this.
Matthew East (mdke) wrote (#3):
Peter,
The patch has worked fine. Thanks for that. I'll leave it to Adam to review.
Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
Adam Sommer (asommer) wrote (#4):
Thanks Peter and Matthew. I've applied the patch to revision 358.
Thanks again,
Adam
Changed in ubuntu-docs (Ubuntu):
status: New → Fix Committed
MatthiasK (mkubik) wrote (#5):
Hi,
the description doesn't apply to my setup as I'm not using a self-signed certificate but rather an official one (cacert.org). Anything else that I'm missing?
Thanks in advance.
Matthias
PeterNSteinmetz (ndoc2) wrote (#6):
Sorry to hear that is still trouble. I've been slowly working on the patch to provide better error reporting when using GNUtls, but it will be a while.
With an official cert, you will need all 3 of the olcTLSxxx parameters set. Assuming that is in line, I would be sure the group has read permissions on the certs and key and read and execute on the directories containing them.
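
The permission check suggested in comment #6, as an added example that is not part of the original thread or of ubuntu-docs: it reports which mode bits would stop a daemon account from reading a certificate or key file. The function names, the `top` parameter and the demo tree are assumptions made for illustration; only classic owner/group/other bits are evaluated, not ACLs or AppArmor.

```python
import os
import stat

def allowed(st, uid, gids, want):
    """Classic Unix rule: exactly one of owner/group/other bits applies.
    want uses the 'other' position: 4 = read, 1 = search (execute)."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (stat.S_IMODE(st.st_mode) >> shift) & want == want

def check_tls_file(path, uid, gids, top="/"):
    """List what stops the account (uid, gids) from reading `path`.
    Mode bits only: ACLs and AppArmor are not consulted."""
    path = os.path.abspath(path)
    top = os.path.abspath(top)
    problems = []
    if not allowed(os.stat(path), uid, gids, 4):
        problems.append(f"{path}: no read permission")
    parent = os.path.dirname(path)
    # Directory holding the file: read + execute, as comment #6 advises.
    if not allowed(os.stat(parent), uid, gids, 5):
        problems.append(f"{parent}: needs read and execute")
    # Ancestors up to `top` only need search (x) so the path can be traversed.
    d = parent
    while d != top and d != os.path.dirname(d):
        d = os.path.dirname(d)
        if not allowed(os.stat(d), uid, gids, 1):
            problems.append(f"{d}: no execute (search) permission")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed demo tree: directory 0750, key 0600 (group cannot read).
    top = tempfile.mkdtemp()
    os.chmod(top, 0o750)
    key = os.path.join(top, "server.key")
    open(key, "w").close()
    os.chmod(key, 0o600)
    st = os.stat(key)
    # Hypothetical daemon account: different uid, member of the file's group.
    print(check_tls_file(key, st.st_uid + 1, {st.st_gid}, top=top))
```

On a real server, pass the uid and group ids of the account slapd runs as and call it once for each file named by the three olcTLSxxx parameters.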
Launchpad Janitor (janitor) wrote (#7):
This bug was fixed in the package ubuntu-docs - 9.10.8
---------------
ubuntu-docs (9.10.8) karmic; urgency=low
* General:
- Refresh pot files
* hardware.xml:
- Update jockey instructions to reflect UI changes from some time ago (LP: #281143)
- Remove link to deprecated section in accessibility guide (LP: #293842)
* internet.xml:
- Network manager network list no longer has radio buttons, Dean Sas
* keeping-safe.xml:
- Update firewall section, Connor Imes / bodhi.zazen (LP: #377039)
* usb-creator.xml:
- Add manual for usb-creator, new document by Augustina Blair
* serverguide.xml:
- Add additional information for configuring TLS with OpenLDAP and gnutls, PeterNSteinmetz (LP: #437483)
-- Matthew East <email address hidden> Sun, 27 Sep 2009 17:26:16 +0100
Changed in ubuntu-docs (Ubuntu):
status: Fix Committed → Fix Released
Peter, I take it from your last sentence that you've made a suggested fix for this - could you make it available somewhere either as a patch or a bzr branch?