gitlab: testing of ldap-ssl-ads option
iboukris at gmail.com
Mon Jun 22 08:42:53 UTC 2020
On Mon, Jun 22, 2020 at 10:30 AM Björn Baumbach <bb at sernet.de> wrote:
> On 6/19/20 11:57 PM, Isaac Boukris via samba-technical wrote:
> > On Fri, Jun 19, 2020 at 9:01 PM Isaac Boukris <iboukris at gmail.com> wrote:
> >> On Fri, Jun 19, 2020 at 8:20 PM Jeremy Allison <jra at samba.org> wrote:
> >>> On Fri, Jun 19, 2020 at 07:45:28PM +0200, Isaac Boukris via samba-technical wrote:
> >>>> Does anyone have any idea on this error and why I only get it on gitlab?
> >>> My guess would be differing gnutls library
> >>> versions. Not sure how to determine what
> >>> gnutls library version is on gitlab.
> >> In the raw log I now see the host was "Ubuntu 18.04.4", i'll try that.
> > My bad, it was rather easy to reproduce, it only worked in my lab
> > because I have 'TLS_REQCERT=allow' in ldap.conf.
> For testing purposes I typically specify the ca cert the following way:
> LDAPTLS_CACERT=/var/lib/samba/private/tls/ca.crt ldapsearch -H ...
Yeah, that was my last attempt in MR 1402 for the ad_dc_ntvfs env (per
some comment, fl2008r2dc uses a self-signed cert), that looks like
working in my lab by not on gitlab yet.
btw, my assumption was that the smb.conf would be taken into effect
for the openldap calls, but it seems not - i need to test more
$ cat st/client/client.conf |grep tls
tls cafile = /home/admin/git/samba/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.pem
tls crlfile = /home/admin/git/samba/selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.pem
tls verify peer = no_check
More information about the samba-technical