https://bugs.openldap.org/show_bug.cgi?id=10323
Issue ID: 10323
Summary: Starttls critical not working on lloadd
Product: OpenLDAP
Version: 2.6.9
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: lloadd
Assignee: bugs@openldap.org
Reporter: grichier@scaleway.com
Target Milestone: ---
Hello,

It looks like StartTLS critical is not working on lloadd.
I have a backend with StartTLS configured but with a bad CN. When I query the backend directly using ldapsearch with the -ZZ option, I get the following error:

    ldap_start_tls: Connect error (-11)
            additional info: (unknown error code)
But when I query lloadd, which uses the same backend with olcBkLloadStartTLS set to critical, it works...
In a tcpdump I can see that the communication between the backend and lloadd is not using StartTLS (it is cleartext). But it shouldn't be (critical option).
cn: {1}ldap://ldap01.example.com
olcBkLloadBackendUri: ldap://ldap01.example.com
olcBkLloadNumconns: 10
olcBkLloadBindconns: 5
olcBkLloadRetry: 5000
olcBkLloadMaxPendingOps: 50
olcBkLloadMaxPendingConns: 10
olcBkLloadWeight: 1
olcBkLloadStartTLS: critical
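
One way to check a capture like the tcpdump described above, as an added example that is not part of the original report or of OpenLDAP: the Python code below classifies the first payload sent toward a backend as a StartTLS extended request (OID 1.3.6.1.4.1.1466.20037), a cleartext LDAP operation, or non-LDAP data. The function names and sample payloads are constructed for illustration, and extracting per-connection payloads from the capture is assumed to be done separately.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
OP_NAMES = {0x60: "BindRequest", 0x63: "SearchRequest", 0x77: "ExtendedRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_first_pdu(payload):
    """Label the first LDAP request in a TCP payload sent toward the backend."""
    try:
        tag, body, _ = read_tlv(payload, 0)          # LDAPMessage SEQUENCE
        if tag != 0x30:
            return "not-ldap"
        id_tag, _msgid, pos = read_tlv(body, 0)      # messageID INTEGER
        if id_tag != 0x02:
            return "not-ldap"
        op_tag, op_body, _ = read_tlv(body, pos)     # protocolOp CHOICE
        if op_tag == 0x77:                           # [APPLICATION 23] ExtendedRequest
            name_tag, name, _ = read_tlv(op_body, 0) # [0] requestName
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "starttls"
        return "cleartext:" + OP_NAMES.get(op_tag, hex(op_tag))
    except ValueError:
        return "not-ldap"

def tlv(tag, value):
    """Encode a short-form BER element (sample builder, values under 128 bytes)."""
    return bytes([tag, len(value)]) + value

# Constructed sample payloads (not taken from the reporter's capture).
SAMPLE_STARTTLS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
SAMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")))
SAMPLE_TLS_HELLO = bytes.fromhex("160301002a0100")  # starts like a TLS record, not LDAP

if __name__ == "__main__":
    for label, data in [("starttls", SAMPLE_STARTTLS), ("bind", SAMPLE_BIND), ("tls", SAMPLE_TLS_HELLO)]:
        print(label, "->", classify_first_pdu(data))
```

A `starttls` result only shows that the upgrade was requested; confirm in the capture that a TLS handshake follows before any bind or search.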