From a.chelouah@gmail.com Thu Jun 27 20:08:20 2019
From: a.chelouah@gmail.com
To: openldap-bugs@openldap.org
Subject: Regression after ITS#8427 fix with back-ldap
Date: Thu, 27 Jun 2019 20:08:19 +0000

Hello,

Commit 6f623dfa1ca65698c19ccc6c058cd170e633384e fixing ITS#8427 (Set up TLS settings on each reconnection) introduces a regression when the proxy connects to the backend LDAP server via ldaps://

The relevant part of my config is:

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=local
olcDbURI: ldaps://ldap.local
olcDbChaseReferrals: TRUE
olcDbRebindAsUser: TRUE
olcDbIDAssertBind: bindmethod=none tls_cacert=/etc/pki/tls/certs/ca.crt
olcDbIDAssertAuthzFrom: "*"

(I also tried setting the LDAPTLS_CACERT env var when starting slapd)

In the backend LDAP server logs, I get the message "TLS negotiation failure"


Regards
