[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
- To: Nikos Voutsinas <nvoutsin@gmail.com>
- Subject: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
- From: Michael Ströder <michael@stroeder.com>
- Date: Sat, 20 Jul 2019 12:00:25 +0200
- Autocrypt: addr=michael@stroeder.com; prefer-encrypt=mutual; keydata= mQENBFbdnRoBCADj0vYA4aRwKJ6AE4mf8oElLgMT/1eLNKpJ2FYBWcwj9d8dTk5/p9b8DRxy S/qQIUUZqt9xRFZwUCm0vFeQMRDeN9xzAKoRzrJifoDOacOjG1lhZTKYvVZGgUT89Ao3QeHh Q7gPzcAKNoueoR2y3FXStOYuRrbk5PlSjVAITjsotgc7PWE9mmVYpeu8a+byK/DBHKUyolOA 1UXYvDa7MbPhMtdNm8qnwtKs1Vsyk1VkErM+5cIe+zTT6WYQcmZMRjCtWGiFTzk9W6Mdlskk WRTKhKNgokTsgcy1ecaCBUZWxv/SyXgD81+rwRi9b8Px+1reg43ayxi8sV7jrI1feybbABEB AAG0J01pY2hhZWwgU3Ryw7ZkZXIgPG1pY2hhZWxAc3Ryb2VkZXIuY29tPokBNwQTAQgAIQUC Vt2dGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAH3HrjaovJOFpTCACjO773gcmJ KvzjiNpUFl/gANyaJgIq4VbMQ7VthRb1F9X6YbdJ6Z99ntyESjGFCpjofcSomr2vJDpv6ht+ lY33yo20YwsMpqe2OeId0jPybG+FtabKjgBNoAk7iqnBGUvE4t0dz0n1LQVCQR2jxyTKmcNq OYpsRZ3H+6kWwJMuVgsNZglINVZ8JgV5QuLYN5jhYz+pOuFnU11bV6nWREvzZXzebe7g7Zus 6AsWjtJ0lDvgBNzLlF3/eFrVch6Bejs0SvuFseIdZQk+4YU6Rb8xul/jDFXIfo7eTmijO3dV T5AmC1cUi8czncwpgAJnEH8vYv23RoN/aw2gSMCS2huIuQENBFbdnRoBCAC7L1cTVBVZZuM/ yxSUM5CsgGBlTD1Cr7C2ngZFsHSYXVLq6NUB8GZA2iLK96CrwnFw4/Jjz4llOjc50iVRMQKL RyFWOJAMrpPq2ew5T+Uoo524D//dwVbqkFVVuvM8NPiKIDyPGCjP+acM1D8hXwhOXgQ8Iz8Q 3/GRSYjitn9JrkF0ia2nhariznBKVu0LDffxF/hOCx45+QRR2/rYYlshfZMB7nEJX9P+hVfM CSzltz9Z8CldeUbiJvnyrISReR2XBw9oh8JkIUP0BtpIaify9A7EfzOk+W9BUnWe+YwdSUsB fJxOhSv+umyW5GMqZGFu+4oYnkzbe+1LUs1JarCtABEBAAGJAR8EGAEIAAkFAlbdnRoCGwwA CgkQB9x642qLyTjEUgf+JX6Atatl/QKe37yCj1OZYNPd3B0rPLJRF5mEmrADRXLZC9+uFeDS Wxxln040gnR6rjBHrRcvVmlTDiZY26iuL16+V+0/aZ9uyXNQSzk2cwDSiI/8gvr72Y+FN5fh cGXpeNHxHilYc9onzDhxyE76cwzqTKm4q2ULIH2u9IHQ5O86Fv6nHPYhe2fy1bhQapNwi/Xl 3G3i2WNH/w7m+1zWU1IddZOjmXzoxLT1BATwXGa0Tt5RjVb2mM1Wg3Zj6kqFkF2vvKcvrwj0 q0Ap5uyfN5m0uWzQMCMoaV9HQf7f5MkS1lnwBqDgnojjVAieX5uk7olUiRuPKHMfhvXulYP8 AA==
- Cc: openldap-devel@openldap.org
- Content-language: en-US
- In-reply-to: <CAJoHRigj6V7+BL_cw3eR2KxbqVaiidTGoOGKmQwEuJWnPk_PVQ@mail.gmail.com>
- Openpgp: preference=signencrypt
- References: <CAJoHRijg72LHC5EQT0p=ppyykvd69ik-8Ons0fdd3e7fRp1R5Q@mail.gmail.com> <01c17117-c566-753f-0ba6-ea5de877458c@stroeder.com> <CAJoHRigj6V7+BL_cw3eR2KxbqVaiidTGoOGKmQwEuJWnPk_PVQ@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
On 7/20/19 10:51 AM, Nikos Voutsinas wrote:
> On Sat, Jul 20, 2019 at 11:28 AM Michael Ströder <michael@stroeder.com
> <mailto:michael@stroeder.com>> wrote:
> On 7/20/19 8:25 AM, Nikos Voutsinas wrote:
> > In the view of the new openldap release, I ran some tests by using the
> > current snapshot of the OPENLDAP_REL_ENG_2_4_48 tree
> Which snapshot? Really the latest 407ce9d prepared for release and with
> latest mdb merge?
> Yeap the one tagged for 2.4.48
Ok.
> > The testing environment was a Debian (Stable/Buster) and
> > Openldap was compiled with the Debian's gnu TLS libs.
>
> Could you try to link with OpenSSL and test that to preclude that it's
> an issue with GnuTLS?
>
> Whenever it was a gnutls library issue, even the plain ldapsearch -H
> ldaps:// had problems. Now this is not the case, cmd line utils from the
> same build at the same remote ldaps:/// work.
There are changes in libldap and slapd-ldap related to TLS which might
not work correctly with GnuTLS.
So could you try to first link with OpenSSL? If that works it would mean
that the GnuTLS support needs some more work.
BTW: During the last days Quanah and me investigated an issue with a
(now reverted) patch for libldap only occuring with dhcpd using libldap.
ldapsearch and many other LDAP clients were working just fine.
Ciao, Michael.