kaddressbook is unable to talk to ldap server using ssl with a self signed certificate

Bug #37135 reported by Kenny Duffus
This bug affects 1 person
Affects: kdepim (Ubuntu)
Status: Invalid
Importance: Medium
Assigned to: Kubuntu Bugs

Bug Description

Adding an addressbook to kaddressbook produces the following error:

Could not connect to host:
ldaps://ldaphost:636
Aditional info: Error in the certificate

The signing authority is trusted in konqueror and kleopatra

Kenny Duffus (kduffus)
Changed in kdepim:
assignee: nobody → kubuntu-team
Matt Zimmerman (mdz) wrote :

Please don't assign bugs.

Changed in kdepim:
assignee: kubuntu-team → jr
Kenny Duffus (kduffus) wrote :

Just in case anyone else has this problem: as a workaround I'm using stunnel to connect to the LDAP server

stunnel -c -d localhost:389 -r my-ldap-server:636

Then tell kaddressbook to connect to localhost without SSL.

Frode M. Døving (frode)
Changed in kdepim:
assignee: jr → kubuntu-team
Martin Emrich (emme) wrote :

I just got the same problem. The solution is to put the CA certificate into /etc/ldap/ldap.conf:

...
TLS_CACERT /path/to/your/ca-certificate.pem
TLS_CACERTDIR /path/to/your
TLS_REQCERT allow
...

Ciao

Martin
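
The ldap.conf fragment in the comment above trusts the private CA but also sets TLS_REQCERT allow, a level at which libldap ignores a bad server certificate and carries on. The following Python is an added example, not part of the thread or of any project's code: it audits the TLS_* options of a client ldap.conf, using the posted fragment and a constructed variant with TLS_REQCERT demand as sample input; the function names are hypothetical.

```python
# Added example: audit the TLS options of an OpenLDAP client ldap.conf.
# Level descriptions follow ldap.conf(5); function names are hypothetical.
REQCERT = {
    "never": "the server certificate is not requested or checked",
    "allow": "a bad certificate is ignored and the session proceeds",
    "try": "a bad certificate ends the session, a missing one does not",
    "demand": "a missing or bad certificate ends the session",
    "hard": "a missing or bad certificate ends the session",
}
STRICT = {"demand", "hard"}

def parse_tls_options(text):
    """Return {OPTION: value} for TLS_* lines; a later line overrides an earlier one."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()            # option names are case-insensitive
        if key.startswith("TLS_"):
            opts[key] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return (effective TLS_REQCERT level, list of findings)."""
    opts = parse_tls_options(text)
    level = opts.get("TLS_REQCERT", "demand").lower()   # demand is the default
    findings = []
    if level not in REQCERT:
        findings.append(f"TLS_REQCERT {level}: unknown level")
    elif level not in STRICT:
        findings.append(f"TLS_REQCERT {level}: {REQCERT[level]}")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set in this file")
    return level, findings

# Sample input: the fragment as posted, and a constructed strict variant.
POSTED = """\
TLS_CACERT /path/to/your/ca-certificate.pem
TLS_CACERTDIR /path/to/your
TLS_REQCERT allow
"""
STRICT_VARIANT = POSTED.replace("TLS_REQCERT allow", "TLS_REQCERT demand")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("strict", STRICT_VARIANT)):
        level, findings = audit(conf)
        print(f"{name}: TLS_REQCERT={level}", findings or "ok")
```

With the CA file in place, the strict variant still connects to a server whose certificate chains to that CA, and it refuses one that does not.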

Rocco Stanzione (trappist) wrote :

An alternative solution would be to tell ldap to ignore bad certificates. This is the designed behavior, not a bug, and the suggested solution is the correct one.

Changed in kdepim:
status: Unconfirmed → Rejected
Matej Kenda (matejken) wrote :

It seems that editing the ldap.conf file is not required any more on Feisty Fawn.

I have configured LDAP authentication without editing the configuration files. I just had to import the certificates into kleopatra and add a new LDAP address book to kaddressbook.
