
Re: openldap+TLS 'works', but slapd.log reports "err=13 text=TLS confidentiality required" @ slapd start



--On Friday, August 22, 2008 1:52 PM -0700 "Ben Wailea, openldap-software" <bwailea+10@gmail.com> wrote:

You're entirely missing my point. You've noted what your setup is, and the changes you made. Once you made those changes and restarted the server, some connections started failing. Your logs show what IP address those connections are coming from, but since they are being blocked by the changes you made, there's really no data on what client is making those connections. The only person who can track down what clients are trying to bind *without* TLS is you. You may not like that answer, but it isn't going to change. Your original question posed at the end of your email was whether this is the expected behavior for those settings, and the answer is yes. If you block clients that are not using TLS from binding, then they are going to fail to bind once the changes are in effect.

Now, does your ldapsearch command with -ZZ continue to work after the restart?

What other processes have you configured to access the LDAP server from the local host? nscd? nss_ldap? etc. Look at those things.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
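
An added example, not part of the original message or of OpenLDAP: one way to do the tracking described above is to join each refused bind in slapd.log back to the ACCEPT line of the same connection. It assumes slapd logs at the `stats` level; the log lines, host name, DNs and addresses below are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample in slapd "stats" log format (not taken from the thread).
SAMPLE_LOG = """\
Aug 22 13:40:01 ldap1 slapd[2101]: conn=12 fd=14 ACCEPT from IP=127.0.0.1:45678 (IP=0.0.0.0:389)
Aug 22 13:40:01 ldap1 slapd[2101]: conn=12 op=0 BIND dn="cn=nss,dc=example,dc=com" method=128
Aug 22 13:40:01 ldap1 slapd[2101]: conn=12 op=0 RESULT tag=97 err=13 text=TLS confidentiality required
Aug 22 13:40:05 ldap1 slapd[2101]: conn=13 fd=15 ACCEPT from IP=127.0.0.1:45680 (IP=0.0.0.0:389)
Aug 22 13:40:05 ldap1 slapd[2101]: conn=13 op=0 STARTTLS
Aug 22 13:40:05 ldap1 slapd[2101]: conn=13 op=0 RESULT oid= err=0 text=
Aug 22 13:40:05 ldap1 slapd[2101]: conn=13 fd=15 TLS established tls_ssf=256 ssf=256
Aug 22 13:40:05 ldap1 slapd[2101]: conn=13 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
Aug 22 13:40:05 ldap1 slapd[2101]: conn=13 op=1 RESULT tag=97 err=0 text=
Aug 22 13:41:01 ldap1 slapd[2101]: conn=14 fd=14 ACCEPT from IP=127.0.0.1:45702 (IP=0.0.0.0:389)
Aug 22 13:41:01 ldap1 slapd[2101]: conn=14 op=0 BIND dn="cn=nss,dc=example,dc=com" method=128
Aug 22 13:41:01 ldap1 slapd[2101]: conn=14 op=0 RESULT tag=97 err=13 text=TLS confidentiality required
Aug 22 13:42:10 ldap1 slapd[2101]: conn=15 fd=16 ACCEPT from IP=192.0.2.10:51000 (IP=0.0.0.0:389)
Aug 22 13:42:10 ldap1 slapd[2101]: conn=15 op=0 BIND dn="" method=128
Aug 22 13:42:10 ldap1 slapd[2101]: conn=15 op=0 RESULT tag=97 err=13 text=TLS confidentiality required
"""

# The peer address is either IPv4 or a bracketed IPv6 literal, followed by :port.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[^\s:]+):\d+")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
REFUSED = re.compile(r"conn=(\d+) op=\d+ RESULT .*err=13 text=TLS confidentiality required")

def refused_clients(log_text):
    """Return {(peer_ip, bind_dn): count} for operations refused with err=13."""
    peer, dn = {}, {}
    hits = defaultdict(int)
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conn = m.group(1)
            peer[conn] = m.group(2)
            dn.pop(conn, None)  # conn ids restart with slapd; drop stale state
        elif m := BIND.search(line):
            dn[m.group(1)] = m.group(2) or "(anonymous)"
        elif m := REFUSED.search(line):
            conn = m.group(1)
            hits[(peer.get(conn, "unknown"), dn.get(conn, "(no bind seen)"))] += 1
    return dict(hits)

if __name__ == "__main__":
    for (ip, who), n in sorted(refused_clients(SAMPLE_LOG).items()):
        print(f"{n:3d}  {ip:15s}  {who}")
```

The bind DN and the interval between repeated failures usually narrow a local address such as 127.0.0.1 down to one service, for example a proxy DN configured for nss_ldap.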