kmail/kaddressbook + openldap, again, sorry

Timothy Murphy gayleard at eircom.net
Tue May 13 13:35:08 UTC 2008


I have kaddressbook working fine with my openldap directory,
but when I try to enable TLS security it fails.

More precisely, when I go to Settings=>Configure KAddressBook
=>LDAP Lookup, choose my host www.xyz.com (say),
click on Security: TLS and press Query Server
I get the message "LDAP server returned the error: Not Supported".

On the other hand, I seem able to run
-------------------------------------------
[tim@elizabeth ~]$ ldapsearch -x -ZZ
...
# www.xyz.com
dn: dc=www,dc=xyz,dc=com
dc: www
objectClass: top
objectClass: domain
...
# Address Book, www.xyz.com
dn: ou=Address Book,dc=www,dc=xyz,dc=com
objectClass: organizationalUnit
ou: Address Book
...
# search result
search: 3
result: 0 Success

# numResponses: 216
# numEntries: 215
-------------------------------------------
which suggests to me (but I may be wrong?)
that TLS is working OK with ldap.

Also, I seem able to connect:
-------------------------------------------
[tim@elizabeth ~]$ openssl s_client -connect www.xyz.com:ldap
CONNECTED(00000003)
-------------------------------------------

The simplest explanation would be that kaddressbook was compiled
without openldap/TLS enabled, if that is possible?

Or maybe I am already using TLS?
I have
-------------------------------------------
TLS_REQCERT demand
TLS_CACERT /etc/pki/tls/certs/cacert.pem
-------------------------------------------
in /etc/openldap/ldap.conf on my laptop,
which I would have thought would force TLS usage.
(cacert.pem is the root certificate I got from CAcert.org,
who certified my key.)

As will probably be clear, I am not quite a newbie on openssl and openldap,
but neither am I an expert.

Incidentally, I do now have the recommended book on LDAP administration
by Gerald Carter, which I am finding very instructive,
but which has not elucidated this particular point.
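
As an added illustration (not part of the original post, and not code from OpenLDAP or KDE): `ldapsearch -ZZ` on port 389 sends an LDAP StartTLS extended request (RFC 4511) and requires a success result before the TLS handshake begins, which a bare TCP connect does not exercise. The sketch below encodes that request and decodes the server's reply; the two sample responses are constructed, and the helper names are hypothetical.

```python
# Added illustration: BER encoding of the LDAP StartTLS exchange (RFC 4511).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS requestName

def tlv(tag, content):
    """Encode one BER element; short-form lengths (< 128 bytes) only."""
    if len(content) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated element or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] OID } }"""
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)  # msg_id must be 1..127

def starttls_result(resp):
    """Return (resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = read_tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:  # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(op, 0)   # resultCode (ENUMERATED)
    _, _dn, pos = read_tlv(op, pos)  # matchedDN
    _, diag, _ = read_tlv(op, pos)   # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode()

# Constructed sample responses (not captured from any real server).
ACCEPTED = bytes.fromhex("300c02010178070a010004000400")
REFUSED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78,
    tlv(0x0A, b"\x02") + tlv(0x04, b"") +
    tlv(0x04, b"unsupported extended operation")))

if __name__ == "__main__":
    print("request :", starttls_request().hex())
    for name, resp in (("accepted", ACCEPTED), ("refused", REFUSED)):
        code, diag = starttls_result(resp)
        # Only resultCode 0 (success) permits the TLS handshake to begin.
        print(name, code, repr(diag), "-> handshake" if code == 0 else "-> no TLS")
```

A server that does not implement the operation answers with resultCode 2 (protocolError), so a client that insists on StartTLS has to treat any non-zero code as a failure instead of continuing in cleartext.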
