[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap+TLS 'works', but slapd.log reports "err=13 text=TLS confidentiality required" @ slapd start

--On Friday, August 22, 2008 1:52 PM -0700 "Ben Wailea, openldap-software" <bwailea+10@gmail.com> wrote:

You're entirely missing my point. You've noted what your setup is, and the changes you made. Once you made those changes and restarted the server, some connections started failing. Your logs show what IP address those connections are coming from, but since they are being blocked by the changes you made, there's really no data on what client is making those connections. The only person who can track down what clients are trying to bind *without* TLS is you. You may not like that answer, but it isn't going to change. You're original question posed at the end of your email was is this the expected behavior for those settings, and the answer is yes. If you block clients that are not using TLS from binding, then they are going to fail to bind once the changes are in effect.

Now, does your ldapsearch command with -ZZ continue to work after there restart?

What other processes have you configured to access the LDAP server from the local host? nscd? nss_ldap? etc. Look at those things.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration