[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [EXTERNAL] Re: back-ldap and ldaps not working

To: Jon C Kidder <jckidder@aep.com>, Michael Ströder <michael@stroeder.com>
Subject: Re: [EXTERNAL] Re: back-ldap and ldaps not working
From: Howard Chu <hyc@symas.com>
Date: Sat, 8 Jul 2017 14:51:10 +0100
Cc: "openldap-technical@OpenLDAP.org" <openldap-technical@OpenLDAP.org>
In-reply-to: <WM!85fafa4797dc173b9d4449daac00cf992174f8ed8743cab1627ff060e649e4a02ae86e073448c33a10e0baa3e171c259!@mailstronghold-3.zmailcloud.com>
References: <677F33420B725A4D9E0066554451BDACE9D9679C@VMAEPHQMS001.corp.aepsc.com> <WM!909bfe074a2495f47775cf76ca559c339fce739af124170cf148add0b39e6a1b47570fbd fe5c7cd02a8b11b2dd148767!@mailstronghold-2.zmailcloud.com> <BE88F93C26C0AD98FB81992C@[192.168.1.30]> <677F33420B725A4D9E0066554451BDACE9D9695F@VMAEPHQMS001.corp.aepsc.com> <80344f05-9fa0-b182-5bc4-865ef08fcbe8@stroeder.com> <973F24F1-8A60-4EB8-B86A-1ABF480C9C19@aep.com> <WM!85fafa4797dc173b9d4449daac00cf992174f8ed8743cab1627ff060e649e4a02ae86e073448c33a10e0baa3e171c259!@mailstronghold-3.zmailcloud.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53a1

Jon C Kidder wrote:

Thanks Michael. The message is clear but the solution isn't. I think you missed the part about this exact same slapd node being a replication consumer replicating successfully using the exact same certificate/TLS setup.  Just for added validation the masters have been active for a couple years serving a very active test environment with ~100 test clients connecting via ldaps. Something appears to be hinky with the configuration processing or certificate validation processing in back-ldap.  My gut is that olcDBStartTLS isn't being converted/formatted correctly or isn't being parsed correctly and the option to set the path to the CA cert file is being ignored.

In that case you could use strace to verify whether the CA cert file is everbeing opened.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- back-ldap and ldaps not working
  - From: Jon C Kidder <jckidder@aep.com>
- Re: back-ldap and ldaps not working
  - From: Quanah Gibson-Mount <quanah@symas.com>
- RE: [EXTERNAL] Re: back-ldap and ldaps not working
  - From: Jon C Kidder <jckidder@aep.com>
- Re: [EXTERNAL] Re: back-ldap and ldaps not working
  - From: Michael Ströder <michael@stroeder.com>
- Re: [EXTERNAL] Re: back-ldap and ldaps not working
  - From: Jon C Kidder <jckidder@aep.com>

Prev by Date: Re: [EXTERNAL] Re: back-ldap and ldaps not working
Next by Date: Re: [EXTERNAL] Re: back-ldap and ldaps not working
Index(es):
- Chronological
- Thread