Re: [Evolution] LDAPS with own CA cert not functional.
- From: Jan Mynarik <mynarikj phoenix inf upol cz>
- To: evolution lists ximian com
- Subject: Re: [Evolution] LDAPS with own CA cert not functional.
- Date: Tue, 26 Oct 2004 22:55:25 +0200
Filed as bug #68826
http://bugzilla.ximian.com/show_bug.cgi?id=68826
Regards,
Jan "Pogo" Mynarik
On Tue, 2004-10-26 at 18:27 +0200, Jan Mynarik wrote:
> Now I'm sure that CA certificates from Evolution's certificate store are
> not used in Evo's LDAP. Some Googling helped me find a way to get
> Evolution running without this LDAP problem.
>
> I launched evolution this way:
> LDAPTLS_CACERT=<path to file PEM file> evolution
>
> and now it works. I'm going to file a bug.
>
> Jan "Pogo" Mynarik
>
> On Tue, 2004-10-26 at 16:25 +0200, Jan Mynarik wrote:
> > Hello,
> >
> > I have the following problem. I am not able to use the company's LDAP server.
> > We've got the following policy:
> > - we're able to connect to LDAP on 389 without SSL from intranet
> > - from outside we need to use LDAP via SSL on port 636 and anonymous
> > query is not allowed
> >
> > The first case works fine with Evolution 2.0.2 but I need to specify
> > SSL: Never because SSL: When possible doesn't work.
> >
> > The second case doesn't work (and hasn't ever worked since the first
> > versions of Evolution). All I get is (from separately run
> > evolution-data-server):
> >
> > (evolution-data-server:5473): libebookbackend-WARNING **: failed to bind
> > anonymously while connecting (ldap_error 0x51)
> > in server_log_handler
> >
> > It doesn't even ask for password. Our LDAP server is OpenLDAP version
> > 2.0.27.
> >
> > Exactly the same configuration works with Outlook (tested by some
> > colleagues, I don't use it), Mozilla, and Mozilla Thunderbird. Even
> > tested with ldapsearch and with specific LDAP browsers: JXBrowse and
> > LDAPBrowser (both Java).
> >
> > The problem could be that our LDAP server uses a certificate which is
> > not signed (directly or indirectly) by a globally recognized CA. We have
> > our own CA certificate here that we use for signing other certificates
> > (server, personal etc.).
> >
> > This CA certificate is imported in Evolution's certificates for sure as
> > I'm able to use it to verify other people's certificates in mail
> > encryption/signing. It was also needed to import our CA certificate to
> > the already mentioned LDAP browsers to get them working properly with our
> > LDAPS server.
> >
> > Using ldapsearch I need to disable certificate verification or to
> > specify TLS_CACERT to get it working, without it I get:
> >
> > ldap_bind: Can't contact LDAP server (81)
> > additional info: Error in the certificate.
> >
> > which reminds me of Evolution's problem.
> >
> > Can anybody help me? Does evolution use imported CA certificates even
> > for LDAP? Has anybody encountered this problem too?
> >
> > Am I right with the possible source of problem? If yes, I'll file a bug.
> >
> > I'm even able to compile evolution-data-server to test patches ;-)
> >
> > Regards,
> >
> > Jan "Pogo" Mynarik
> >
--
Jan Mynarik <mynarikj phoenix inf upol cz>
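Added example, not part of the original thread: an offline reproduction of the trust failure described above, and a check that a PEM file is the right one to hand to `LDAPTLS_CACERT`. The CA names, the `ldap.example.test` subject and all function names are assumptions; every certificate is constructed throwaway test data. It checks the chain only, not the host name.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Requires the openssl CLI.
# All keys and certificates are constructed test data with hypothetical names.

# make_ca DIR NAME: self-signed CA written to DIR/NAME.pem and DIR/NAME.key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_cert DIR CA_NAME: DIR/server.pem, signed by DIR/CA_NAME.pem
make_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 2 -out "$1/server.pem" 2>/dev/null
}

# chain_ok CA_FILE CERT: exit 0 only if CERT chains to a CA in CA_FILE
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cacert_verdict CA_FILE CERT: says whether CA_FILE would satisfy the TLS client
cacert_verdict() {
  if chain_ok "$1" "$2"; then
    echo "usable as LDAPTLS_CACERT"
  else
    echo "certificate error expected"
  fi
}

demo() {
  local d
  d=$(mktemp -d)
  make_ca "$d" company-ca        # the organisation's own CA
  make_ca "$d" unrelated-ca      # stands in for a trust store that lacks it
  make_server_cert "$d" company-ca
  echo "unrelated CA only: $(cacert_verdict "$d/unrelated-ca.pem" "$d/server.pem")"
  echo "company CA file:   $(cacert_verdict "$d/company-ca.pem" "$d/server.pem")"
  rm -rf "$d"
}
demo
```

With real files, run `chain_ok` on the CA PEM and the server's certificate before starting the client with `LDAPTLS_CACERT` set to that CA file.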