Ubuntu 12.04 LDAP SSL self-signed cert not accepted

The issue is that the version of GnuTLS that is shipped with Ubuntu 12.04 uses a defective crypto back-end.

GnuTLS was supposed to be switched from using gcrypt as the crypto back-end to nettle, but there are licensing issues. Specifically, some GPL licenses permit linking with newer or older versions of the GPL and some do not.

You can either rebuild GnuTLS from source configured with nettle or hack gcrypt the way Howard Chu suggested someplace. Instructions on the former are in this bug report.

https://bugs.launchpad.net/bugs/926350
Set the LDAPTLS_REQCERT variable to never to ignore the certificate on the server, which could be expired or invalid, i.e.:

LDAPTLS_REQCERT=never ldapsearch -D "cn=drupal-test,ou=Services,dc=example,dc=com" -w my_pass -h ldap.example.com -b "ou=People,dc=example,dc=com" -s sub -x -ZZ "(uid=admin)"

or check whether the server has the right certificate.
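Added example, not part of either answer above: a small audit function for the OpenLDAP client configuration (/etc/ldap/ldap.conf on Ubuntu, keys as in ldap.conf(5)) that flags the TLS_REQCERT never/allow/try settings and a missing TLS_CACERT, the two conditions under which a self-signed server certificate is accepted without actually being verified. The file paths and hostnames are placeholders.

```shell
#!/bin/sh
# audit_ldap_conf FILE
# Prints one finding per line. Returns 0 when the client would verify the
# server certificate against a pinned CA file (the safe way to trust a
# self-signed cert: point TLS_CACERT at that cert and keep TLS_REQCERT demand),
# and 1 when it would accept an unverified certificate.
audit_ldap_conf() {
    conf="$1"
    rc=0
    # ldap.conf keys are case-insensitive; the last occurrence wins.
    # Comment lines start with '#' so they never match the key name.
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$conf" | tail -n1)
    cacert=$(awk 'toupper($1)=="TLS_CACERT"{print $2}' "$conf" | tail -n1)
    # ldap.conf(5): the default when TLS_REQCERT is absent is demand.
    [ -z "$reqcert" ] && reqcert=demand

    case "$reqcert" in
        never|allow)
            echo "WEAK: TLS_REQCERT $reqcert: server certificate is not verified"
            rc=1 ;;
        try)
            echo "WEAK: TLS_REQCERT try: a missing server certificate is tolerated"
            rc=1 ;;
        demand|hard)
            echo "OK: TLS_REQCERT $reqcert" ;;
        *)
            echo "WEAK: unknown TLS_REQCERT value '$reqcert'"
            rc=1 ;;
    esac

    if [ -z "$cacert" ]; then
        echo "WEAK: no TLS_CACERT: a self-signed certificate cannot chain to a trusted CA"
        rc=1
    else
        echo "OK: TLS_CACERT $cacert"
    fi
    return $rc
}
```

The per-command equivalent of the hardened configuration is LDAPTLS_CACERT=/path/to/ldap-server.pem LDAPTLS_REQCERT=demand in front of the ldapsearch call, which verifies the server against exactly that certificate instead of skipping verification.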