TLS: warning: cacertdir not implemented for gnutlsThis error comes up when you try and use the
TLS_CACERTDIRdirective in your ldap configuration. Googling for answers was somewhat fruitless, the first complaints of the problem started many years ago. People said it happened when the openldap packages were compiled against gnutls instead of openssl, which apparently does not support the tls_cacertdir option. The general consensus was therefor to not use that directive.
I didn't turn up anything about a fix. The current versions of the openldap packages are still broken all these years later. Although I expected to fail (there had to be reason no one did this before, right??) I tried the obvious solution and it worked.
$ mkdir /tmp/openldap $ cd !$ $ sudo apt-get source openldap $ sudo apt-get build-dep openldap $ sudo apt-get install libssl-dev $ sudo vim openldap-2.4.31/debian/configure.options
Change --with-tls=gnutls to --with-tls=openssl
$ sudo apt-get -b --no-download source openldap
Go have some lunch, mow the lawn, maybe a pub crawl. The amount incredible amount of hardcore testing that's been integrated into the build process is amazing, but it takes a while.
$ sudo dpkg --install ldap-utils_2.4.31-1ubuntu2.1_amd64.deb \ libldap-2.4-2_2.4.31-1ubuntu2.1_amd64.deb \ libldap2-dev_2.4.31-1ubuntu2.1_amd64.deb $ ldapsearch -LLL -h ldap-server.example.com -D uid=andy,ou=foo,dc=example,dc=com -b dc=example,dc=com -ZZ -W uid=andy cn Enter LDAP Password: dn: uid=andy,ou=foo,dc=example,dc=com cn: Andy Harrison
The other applications I was using that relied on the ldap libraries started working immediately as well.