
(ITS#9071) Invalid olcDbStartTLS values generated on back-ldap conversion



Full_Name: Quanah Gibson-Mount
Version: 2.4.48
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.128.44)


When converting this basic slapd.conf for back-ldap:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/openldap.schema
include         /usr/local/etc/openldap/schema/ppolicy.schema
include         /usr/local/etc/openldap/schema/misc.schema
loglevel 256
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
modulepath      /usr/local/libexec/openldap
moduleload      rwm
moduleload      back_ldap
database                ldap
readonly                yes
protocol-version        3
rebind-as-user          yes
uri                     "ldaps://universe.example.com"
suffix                  "dc=universe,dc=example,dc=com"
overlay                 rwm
rwm-map                 attribute       uid     sAMAccountName
rwm-map                 attribute       mail    proxyAddresses
chase-referrals yes
idassert-bind bindmethod=simple binddn="cn=ldap_phone,ou=LDAP Access,dc=example,dc=com" credentials='Password1234' tls_cacert=/usr/local/etc/openldap/example_com_Universe_Root_CA.cer


The resulting back-ldap configuration has an invalid olcDbStartTLS attribute:

olcDbStartTLS: none  starttls=no


Per the man page, "none" is not valid at all, and also per the man page, since
the URI is using ldaps, the value should be:

olcDbStartTLS: ldaps

Config is based off of a real life configuration from an end user, where things
worked with slapd.conf but were broken post-conversion to cn=config.  Fixing the
olcDbStartTLS value to be valid resolved the issue.
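As an added illustration (not part of the ITS report or of OpenLDAP itself), a small Python check over a converted back-ldap cn=config entry that catches the invalid value described above. The accepted modes and tls_* options are those listed in slapd-ldap(5); the two LDIF fragments are constructed to mirror the broken and the fixed result from the report.

```python
# Modes olcDbStartTLS accepts, per slapd-ldap(5): tls {[try-]start|[try-]propagate|ldaps}
VALID_TLS_MODES = {"start", "try-start", "propagate", "try-propagate", "ldaps"}
# Trailing options slapd-ldap(5) allows after the mode (starttls=no is not one of them).
TLS_OPTIONS = {"tls_cert", "tls_key", "tls_cacert", "tls_cacertdir", "tls_reqcert",
               "tls_ciphersuite", "tls_protocol_min", "tls_crlcheck"}

def parse_ldif_entry(text):
    """Minimal LDIF reader: attribute name -> list of values, folding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # LDIF continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def check_start_tls(entry_text):
    """Return (ok, expected_mode, problems) for one olcDatabase={n}ldap entry."""
    attrs = parse_ldif_entry(entry_text)
    problems = []
    schemes = {u.strip('"').split(":", 1)[0].lower() for u in attrs.get("olcDbURI", [])}
    # With an ldaps:// URI the man page requires the mode to be "ldaps".
    expected = "ldaps" if "ldaps" in schemes else None
    for value in attrs.get("olcDbStartTLS", []):
        mode, *options = value.split()
        if mode not in VALID_TLS_MODES:
            problems.append(f"invalid mode {mode!r}")
        elif expected and mode != expected:
            problems.append(f"mode {mode!r} but URI scheme is ldaps")
        for opt in options:
            if opt.split("=", 1)[0] not in TLS_OPTIONS:
                problems.append(f"unknown option {opt!r}")
    return (not problems, expected, problems)

# Constructed entries modelled on the report: what the converter emitted, and the corrected value.
BROKEN_ENTRY = """dn: olcDatabase={1}ldap,cn=config
olcDatabase: {1}ldap
olcDbURI: "ldaps://universe.example.com"
olcDbStartTLS: none  starttls=no
"""
FIXED_ENTRY = """dn: olcDatabase={1}ldap,cn=config
olcDatabase: {1}ldap
olcDbURI: "ldaps://universe.example.com"
olcDbStartTLS: ldaps tls_cacert=/usr/local/etc/openldap/example_com_Universe_Root_CA.cer
"""

if __name__ == "__main__":
    for entry in (BROKEN_ENTRY, FIXED_ENTRY):
        print(check_start_tls(entry))
```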