
Regression after ITS#8427 fix with back-ldap



Hello,

Commit 6f623dfa1ca65698c19ccc6c058cd170e633384e fixing ITS#8427 (Set up 
TLS settings on each reconnection) introduces a regression when the proxy 
connects to the backend ldap server via ldaps://

The relevant part of my config is:

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=local
olcDbURI: ldaps://ldap.local
olcDbChaseReferrals: TRUE
olcDbRebindAsUser: TRUE
olcDbIDAssertBind: bindmethod=none tls_cacert=/etc/pki/tls/certs/ca.crt
olcDbIDAssertAuthzFrom: "*"

(I also tried by setting LDAPTLS_CACERT env var when starting slapd)

On the backend ldap server logs, I get the message "TLS negotiation failure"


Regards

