Improved description of permissions for openldap using TLS

Bug #437483 reported by PeterNSteinmetz
Affects: ubuntu-docs (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Adam Sommer

Bug Description

Binary package hint: ubuntu-docs

With the use of GNUtls users often encounter an error of the form "main: TLS init def ctx failed: -1" without further explanation (which was available with openssl). Witness for example https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/420277

To help avoid this, I've updated the notes on the network authentication page regarding the use of certificates and items to check, revno 354 of ubuntu-doc.

Tags: serverguide

Revision history for this message
Matthew East (mdke) wrote :

Peter, I take it from your last sentence that you've made a suggested fix for this - could you make it available somewhere either as a patch or a bzr branch?

tags: added: serverguide
Revision history for this message
PeterNSteinmetz (ndoc2) wrote :

Yes, indeed. I guess I'm not familiar enough with bazaar version control. I obtained a copy of the docs, modified and performed a commit with a message, giving me rev # 354. But I take it that must not propagate the change.

I was trying to follow the instructions in the bugs playbook at:
https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation?action=AttachFile&do=view&target=BugsPlaybook.pdf

but the command 'bzr diff > diffname.txt' near the end didn't give anything.

Subsequently, I've generated a differences file using 'bzr diff -r 353 > changes.txt', which seems to contain the differences, and I attach here.

Please let me know if there was some other more proper way of accomplishing this.

Revision history for this message
Matthew East (mdke) wrote :

Peter,

The patch has worked fine. Thanks for that. I'll leave it to Adam to review.

Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
Revision history for this message
Adam Sommer (asommer) wrote :

Thanks Peter and Matthew. I've applied the patch to revision 358.

Thanks again,
Adam

Changed in ubuntu-docs (Ubuntu):
status: New → Fix Committed
Revision history for this message
MatthiasK (mkubik) wrote :

Hi,

the description doesn't apply to my setup as I'm not using a self-signed certificate but rather an official one (cacert.org). Anything else that I'm missing?

Thanks in advance.
Matthias

Revision history for this message
PeterNSteinmetz (ndoc2) wrote :

Sorry to hear that is still trouble. I've been slowly working on the patch to provide better error reporting when using GNUtls, but it will be a while.

With an official cert, you will need all 3 of the olcTLSxxx parameters set. Assuming that is in line, I would be sure the group has read permissions on the certs and key and read and execute on the directories containing them.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-docs - 9.10.8

---------------
ubuntu-docs (9.10.8) karmic; urgency=low

  * General:
    - Refresh pot files
  * hardware.xml:
    - Update jockey instructions to reflect UI changes from some time ago (LP: #281143)
    - Remove link to deprecated section in accessibility guide (LP: #293842)
  * internet.xml:
    - Network manager network list no longer has radio buttons, Dean Sas
  * keeping-safe.xml:
    - Update firewall section, Connor Imes / bodhi.zazen (LP: #377039)
  * usb-creator.xml:
    - Add manual for usb-creator, new document by Augustina Blair
  * serverguide.xml:
    - Add additional information for configuring TLS with OpenLDAP and gnutls, PeterNSteinmetz (LP: #437483)

 -- Matthew East <email address hidden> Sun, 27 Sep 2009 17:26:16 +0100

Changed in ubuntu-docs (Ubuntu):
status: Fix Committed → Fix Released