RE: [EXTERNAL] Re: back-ldap and ldaps not working
So, following Howard's suggestion I did some testing with strace.
When back-ldap goes to make the proxy call I see an fopen for this file /appl/openldap/etc/openldap/tls/cacerts.cer which is the file I have explicitly configured. I then see an fopen for this file /appl/openldap/etc/openldap/tls/3a89cd48.0. I have no idea where this file name came from. If I copy the CA cert into this 3a89cd48.0 file or I symlink this file to my cacerts file the TLS handshake succeeds and the update is properly forwarded to the master. No matter what I specify in my configuration the TLS handshake only succeeds if the ca cert resides in the 3a89cd48.0 file.
JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD
JCKIDDER@AEP.COM | D:614.716.4970
1 RIVERSIDE PLAZA, COLUMBUS, OH 43215
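The 3a89cd48.0 name has the form OpenSSL's hash-directory lookup uses, which is what libldap hands TLS_CACERTDIR to when it is built against OpenSSL: eight hex digits of the CA certificate's subject-name hash plus a ".0" suffix, the same names c_rehash creates. The following is an added illustration, not code from this thread, from OpenLDAP or from OpenSSL, and assumes an OpenSSL 1.0.0 or newer hash (SHA-1 over the canonical subject encoding); it re-implements that hash over a DER-encoded subject so an administrator can check which filename a given CA maps to.

```python
import hashlib, re, string
# Tags OpenSSL canonicalises (ASN1_MASK_CANON): UTF8, Printable, T61, IA5, Visible, Universal, BMP
CANON_TAGS = {0x0C, 0x13, 0x14, 0x16, 0x1A, 0x1C, 0x1E}
ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)  # ossl_tolower is ASCII-only
OID_CN = b"\x55\x04\x03"  # 2.5.4.3 commonName, used by the constructed sample at the end
def der_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln
def der_enc(tag, value):
    """DER-encode tag, length (short or long form) and value."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value
def canon_value(tag, raw):
    """asn1_string_canon: string types become UTF8String with ASCII letters lower-cased,
    whitespace runs collapsed to one space and ends stripped; other types are copied as-is."""
    if tag not in CANON_TAGS:
        return der_enc(tag, raw)
    text = raw.decode({0x1E: "utf-16-be", 0x1C: "utf-32-be", 0x14: "latin-1"}.get(tag, "utf-8"))
    text = re.sub(r"[ \t\n\r\x0b\x0c]+", " ", text).strip(" ").translate(ASCII_LOWER)
    return der_enc(0x0C, text.encode("utf-8"))
def canon_name(name_der):
    """Canonical Name encoding: the RDN SETs concatenated, with the outer SEQUENCE dropped."""
    tag, body, _ = der_tlv(name_der, 0)
    assert tag == 0x30, "expected a Name SEQUENCE"
    out, pos = b"", 0
    while pos < len(body):
        _, rdn, pos = der_tlv(body, pos)  # SET OF AttributeTypeAndValue
        atvs, p = [], 0
        while p < len(rdn):
            _, atv, p = der_tlv(rdn, p)  # SEQUENCE { type OID, value }
            otag, oid, q = der_tlv(atv, 0)
            vtag, val, _ = der_tlv(atv, q)
            atvs.append(der_enc(0x30, der_enc(otag, oid) + canon_value(vtag, val)))
        out += der_enc(0x31, b"".join(sorted(atvs)))  # DER SET ordering
    return out
def hash_dir_filename(name_der, n=0):
    """Filename the hash-dir lookup opens: SHA-1 of the canonical encoding, first four bytes
    little-endian, as %08x, then '.n' (n distinguishes certificates with the same hash)."""
    h = int.from_bytes(hashlib.sha1(canon_name(name_der)).digest()[:4], "little")
    return "%08x.%d" % (h, n)
def sample_name(cn, tag=0x13):
    """Constructed sample: a Name with one CN RDN (0x13 = PrintableString, 0x0C = UTF8String)."""
    atv = der_enc(0x30, der_enc(0x06, OID_CN) + der_enc(tag, cn.encode("utf-8")))
    return der_enc(0x30, der_enc(0x31, atv))
```

For a real certificate, `openssl x509 -noout -subject_hash -in ca.pem` prints the same eight hex digits, so the two can be compared against the filename seen in strace.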
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Monday, July 10, 2017 1:24 PM
To: Jon C Kidder
Cc: openldap-technical@OpenLDAP.org
Subject: Re: [EXTERNAL] Re: back-ldap and ldaps not working
--On Saturday, July 08, 2017 4:53 PM +0200 Michael Ströder <michael@stroeder.com> wrote:
> I vaguely remember there were bugs in back-ldap/back-meta ignoring TLS
> options. The work-around back then was to set env var LDAPTLS_CACERT and
> friends when starting slapd to let libldap pick up the TLS options from
> env.
>
> Should be fixed in recent releases OpenLDAP though.
Ha, one of the few times I failed to ask what version of OpenLDAP was being
used...
Jon, what OpenLDAP release are you running?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>