[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Spurious Start TLS failed errors on proxyed bind OpenLDAP 2.4.40



Hi!

On Tue, Jan 22, 2019 at 06:42:52AM -0800, Quanah Gibson-Mount wrote:
> RedHat pursued linking OpenLDAP against MozNSS against the advice of the
> OpenLDAP foundation.  We reluctantly included those patches in the 2.4
> series, but they were a constant source of problems. RedHat never disclosed
> to the OpenLDAP project why exactly they abandoned MozNSS and switched back
> to OpenSSL.

OK, thanks for the clarification.

> Regardless, you should at the least update to the latest RHEL7 version from
> RH to see if it offers any relief from the issue you are encountering. There
> are also alternatives to the RH build that you can use on RH, such as:

Yeah, we're looking to that already. Should've probably done that the first
thing, before asking on the list. Oh well.

> a) The Symas OpenLDAP for Linux packages (currently at 2.4.47). See
> <https://symas.com/linux-openldap-support-symas-corporation/>,
> <https://symas.com/linuxopenldap/>.  These packages are provided for free,
> with the option of having paid support.
> b) The LTB project:
> <https://ltb-project.org/documentation/openldap-rpm#yum_repository>
> c) The Symas commercial version of OpenLDAP, which requires a support
> contract and has additional features: <https://symas.com/symasopenldap/>

Thanks for these suggestions as well.


Best,

Janne / Helsinki Uni