I need help with LDAP and Evolution

Chris Stark cstark at hawaii.edu
Wed Sep 7 01:26:52 UTC 2005


On Tue, 2005-09-06 at 16:49 -0600, Guy Fraser wrote:
> On Tue, 2005-30-08 at 14:19 -0600, Guy Fraser wrote:
> > On Mon, 2005-29-08 at 19:06 -0400, David Malcolm wrote:
> > > On Mon, 2005-08-29 at 16:49 -0600, Guy Fraser wrote:
> > > > Following the tutorial on :
> > > > 
> > > > http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
> > > > 
> > > > I was able to setup a test LDAP database and was able to see the 
> > > > three entries using Thunderbird, but have not been able to 
> > > > get Evolution to work with it.
> > > 
> > > Which version of Evolution, BTW? (and evolution-data-server)
> > > 
> > 
> > I use up2date to upgrade to evolution-2.0.4-6 and it still doesn't 
> > work.
> 
> Doesn't anyone have any ideas?
> 

Sorry, I didn't see the beginning of this thread, so I'm not sure if my
advice will be relevant at all. Here it goes...

I use TLS encryption with my LDAP server (self-signed certificates), and
I went through all sorts of hell trying to figure out why every program
I had could connect to LDAP but not evolution. What I eventually figured
out was that evolution wasn't accepting my self-signed certs, but it
wasn't giving any indication that this was the problem.

What I did to solve the problem was to download the CA certificate from
each of the two LDAP servers I use, then copy them to
the /etc/openldap/cacerts/ directory. Your /etc/openldap/ldap.conf file
needs to have this line:

TLS_CACERTDIR /etc/openldap/cacerts

In FC4, this is there by default. Now comes the tricky part... I then
used `sudo authconfig` to set up LDAP authentication (even though I'm
not using LDAP for that purpose here) so that the checksums for the
certificates are automatically computed and symlinked to the CA
certificates. Exit the authconfig program to make the changes "stick"
the launch it again to unset the LDAP authentication -- the symlinks
should still be there. I'm sure there's a more elegant command-line
method for creating the checksum symlinks, but I don't know it off the
top of my head. 

Convoluted? Absolutely. I'm sorry if this doesn't help, but it has
worked like a charm for me. I wish I had an easier answer.

Aloha,
Chris




More information about the fedora-list mailing list