FreeBSD 9 LDAP

[Leander]

Hi

Unfortunately recent installations of smbldap-tools-0.9.7 (ports install) throws errors on FreeBSD 9.0

FreeBSD [~]# smbldap-populate
Populating LDAP directory for domain MyDomain (S-1-5-21-1[...])
(using builtin directory structure)

Could not start_tls: Cannot determine peer hostname for
 verificationerror:00000000:lib(0):func(0):reason(0) at
 /usr/local/lib/perl5/site_perl/5.12.4/smbldap_tools.pm line 365.

Google search doesn't result in much - but it seems like a Perl module is broken and unable to establish TLS?! Net::LDAP fails with later versions of IO::Socket::SSL
Unfortunately don't know how to apply the suggested patches ;( Any ideas how to fix this?

 

[SirDice]

Did you configure an LDAP server? With SSL?

 

[Leander]

Yes I did configure it with SSL/TLS. It's being used by samba.

 

[Leander]

any ideas?

 

[paraqles]

I'm having the same problem, and it locks for me as if there is a problem with x509 in the perl ldap.

The same configuration works fine for pam_ldap, nss_ldap and ldapsearch -x -ZZ.

Greetings,
paraqles

 

[paraqles]

So now I have tested the same without ssf=128 and set ssf=0, now it's working.

But for production environment this is not feasible.

Greetings,
paraqles

 

[Leander]

I changed ssf=0. Now I'm all of a sudden getting Hostname errors?

FreeBSD [~]# smbldap-populate 
Use of qw(...) as parentheses is deprecated at /usr/local/lib/perl5/site_perl/5.14.2/smbldap_tools.pm line 1423, <DATA> line 522.
Populating LDAP directory for domain MyDomain (S-1-5-21-1[...])
(using builtin directory structure)

Could not start_tls: Cannot determine peer hostname for verificationerror:00000000:lib(0):func(0):reason(0) at
 /usr/local/lib/perl5/site_perl/5.14.2/smbldap_tools.pm line 365.
FreeBSD [~]#

 

[paraqles]

If you want to try this you also should set:
/usr/local/etc/smbldap/smbldap.conf

ldapTLS="0"
ldapSSL="0"