Red Hat Bugzilla – Bug 109445
LDAP Contacts Do Not Work w/SSL
Last modified: 2007-11-30 17:10:33 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Description of problem:
Evolution is unable to use SSL/TLS when communicating with an LDAP
server for contacts. This worked with Ximian 1.4.5, but does not work
with the Fedora Core RPM. The message I get is:
We were unable to open this addressbook. This either
means you have entered an incorrect URI, or the LDAP server
Setting 'Use SSL/TLS' to 'Never' allows me to communicate with the
LDAP server. Setting it to 'Always' gives the dialog box with the
above message, regardless of whether the port is set to 389 or 636.
I did remove all Ximian packages and replaced them with their Fedora
equivalents prior to testing this. I also made sure to kill the
Evolution background processes, which do not exit when Evolution
itself is killed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up an LDAP server using the evolution.schema and set
2. Create an entry in "Directory Servers" in Evolution and set 'Use
SSL/TLS' to 'Always'.
3. Click on the directory entry in "Other Contacts".
Actual Results: Received the message above; unable to list any contacts.
Expected Results: Expected to have normal functionality in the LDAP
Setting severity to "Security" since not being able to use SSL/TLS
when communicating with an LDAP server is a big security problem, for
me at least. Feel free to downgrade it if that's not appropriate.
Setting 'TLS_REQCERT' in '/etc/openldap/ldap.conf' to 'allow' fixes
this issue with self-signed certs (which also affected GQ and
ldapsearch). It's somewhat unexpected, since I only thought the CLI
clients used this file, but apparently it's read as part of
ldap_init() or ldap_open(). Bug can be closed as far as I am
concerned. (Apologies again for setting to 'security'.)
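
Added example, not part of the bug report or any comment in it: per ldap.conf(5), `TLS_REQCERT allow` lets the session proceed even when the server presents a certificate that fails verification. For a self-signed server, the alternative is to list its certificate under `TLS_CACERT` and keep `TLS_REQCERT demand`. The Python sketch below flags the weak settings in an ldap.conf body; the function name, the host name and the certificate path are assumptions made for illustration.

```python
# Added example (not from the bug report): flag ldap.conf settings that
# stop OpenLDAP clients from enforcing server-certificate verification.

# Per ldap.conf(5): "never" does not request or check the certificate;
# "allow" proceeds even when the server presents a bad certificate.
WEAK_REQCERT = {"never", "allow"}

# Constructed sample: the workaround described in the comment above.
WEAK_CONF = """\
# client defaults
URI ldaps://ldap.example.com
TLS_REQCERT allow
"""

# Constructed sample: trust the self-signed certificate explicitly instead.
# The certificate path is a hypothetical location, not one from the report.
HARDENED_CONF = """\
URI ldaps://ldap.example.com
TLS_CACERT /etc/openldap/certs/ldap-server.pem
TLS_REQCERT demand
"""


def audit_ldap_conf(text):
    """Return (line_number, message) findings; line 0 means file-wide."""
    findings = []
    has_trust_anchor = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].upper()  # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "TLS_REQCERT" and value.lower() in WEAK_REQCERT:
            findings.append(
                (lineno, f"TLS_REQCERT {value}: bad server certificates are accepted"))
        elif keyword in ("TLS_CACERT", "TLS_CACERTDIR") and value:
            has_trust_anchor = True
    if not has_trust_anchor:
        findings.append((0, "no TLS_CACERT or TLS_CACERTDIR set in this file"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ldap_conf(conf) or "no findings")
```

The same check applies to a per-user `~/.ldaprc`, which uses the same option syntax.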