(ITS#9071) Invalid olcDbStartTLS values generated on back-ldap conversion
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#9071) Invalid olcDbStartTLS values generated on back-ldap conversion
- From: quanah@openldap.org
- Date: Thu, 29 Aug 2019 19:33:07 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Quanah Gibson-Mount
Version: 2.4.48
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.128.44)
When converting this basic slapd.conf for back-ldap:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/misc.schema
loglevel 256
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/local/libexec/openldap
moduleload rwm
moduleload back_ldap
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldaps://universe.example.com"
suffix "dc=universe,dc=example,dc=com"
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map attribute mail proxyAddresses
chase-referrals yes
idassert-bind bindmethod=simple binddn="cn=ldap_phone,ou=LDAP Access,dc=example,dc=com" credentials='Password1234'
	tls_cacert=/usr/local/etc/openldap/example_com_Universe_Root_CA.cer
The resulting back-ldap configuration has an invalid olcDbStartTLS attribute:
olcDbStartTLS: none starttls=no
Per the man page, "none" is not valid at all, and also per the man page, since
the URI is using ldaps, the value should be:
olcDbStartTLS: ldaps
Config is based on a real-life configuration from an end user, where things
worked with slapd.conf but were broken post-conversion to cn=config. Fixing the
olcDbStartTLS value to be valid resolved the issue.
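A small checker for the situation in this report, added here as an example and not part of OpenLDAP or of the report: it joins slapd.conf continuation lines (the indented tls_cacert line belongs to idassert-bind), derives the olcDbStartTLS value a back-ldap section should convert to, and validates a candidate value against the grammar of the tls directive. The allowed modes and the tls_* option keywords are the ones listed in slapd-ldap(5) that I am sure of (an assumption, not an exhaustive list), and the rule "an ldaps:// URI requires the ldaps mode" follows the report's reading of the man page. The sample config is constructed from the report with a placeholder password.

```python
import shlex
from urllib.parse import urlsplit

# First token of the back-ldap "tls" directive / olcDbStartTLS, per slapd-ldap(5).
STARTTLS_MODES = {"start", "try-start", "propagate", "try-propagate", "ldaps"}
# tls_* keywords accepted after the mode (assumption: the subset of slapd-ldap(5) I am sure of).
TLS_OPTION_KEYS = {
    "tls_cert", "tls_key", "tls_cacert", "tls_cacertdir", "tls_reqcert",
    "tls_cipher_suite", "tls_protocol_min", "tls_crlcheck",
}

# Constructed sample: the database section from the report. A line starting with
# whitespace continues the previous directive, so tls_cacert is an idassert-bind option.
SAMPLE_SLAPD_CONF = """\
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldaps://universe.example.com"
suffix "dc=universe,dc=example,dc=com"
chase-referrals yes
idassert-bind bindmethod=simple binddn="cn=ldap_phone,ou=LDAP Access,dc=example,dc=com" credentials="PLACEHOLDER"
\ttls_cacert=/usr/local/etc/openldap/example_com_Universe_Root_CA.cer
"""


def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace); drop blanks and comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_directives(text):
    """Return [(directive, [args...])]; shlex handles the double-quoted DN values."""
    return [(toks[0], toks[1:]) for toks in map(shlex.split, logical_lines(text))]


def expected_mode_for_uri(uri):
    """ldaps:// URIs require the 'ldaps' mode; for ldap:// any StartTLS form is allowed."""
    return "ldaps" if urlsplit(uri).scheme.lower() == "ldaps" else None


def check_olcdbstarttls(value, uri):
    """Return the list of problems with an olcDbStartTLS value (empty list means valid)."""
    tokens = value.split()
    if not tokens:
        return ["empty value"]
    mode, options = tokens[0], tokens[1:]
    problems = []
    if mode not in STARTTLS_MODES:
        problems.append(f"unknown mode {mode!r}; expected one of {sorted(STARTTLS_MODES)}")
    for opt in options:
        key, sep, _ = opt.partition("=")
        if not sep or key not in TLS_OPTION_KEYS:
            # e.g. starttls=no is an idassert-bind option, not a tls-directive option
            problems.append(f"unknown option {opt!r}")
    expected = expected_mode_for_uri(uri)
    if expected and mode != expected:
        problems.append(f"uri {uri!r} requires mode {expected!r}, got {mode!r}")
    return problems


def derive_olcdbstarttls(conf_text):
    """olcDbStartTLS a back-ldap section should convert to; None means no attribute at all."""
    uri, tls_args = None, None
    for name, args in parse_directives(conf_text):
        if name == "uri" and args:
            uri = args[0].split()[0]  # the uri directive may list several URIs; first is enough here
        elif name == "tls":
            tls_args = " ".join(args)  # an explicit tls directive carries over as written
    if tls_args is not None:
        return tls_args
    if uri and expected_mode_for_uri(uri) == "ldaps":
        return "ldaps"
    return None


if __name__ == "__main__":
    for problem in check_olcdbstarttls("none starttls=no", "ldaps://universe.example.com"):
        print("invalid:", problem)
    print("expected olcDbStartTLS:", derive_olcdbstarttls(SAMPLE_SLAPD_CONF))
```

Run against the converted value from the report, the checker flags the unknown mode, the stray starttls=no option and the mismatch with the ldaps:// URI, while the value derived from the original slapd.conf is plain ldaps, matching what the report says the conversion should have produced.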