Full_Name: Quanah Gibson-Mount
Version: 2.4.23 (RHEL build)
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.108.184.39)

As part of http://rhn.redhat.com/errata/RHBA-2011-0673.html, Red Hat updated its OpenLDAP packages to use MozNSS instead of OpenSSL. However, this has an immediate negative effect on people who use StartTLS:

| Problem:
|
| Red Hat rebased their openldap server packages to use Mozilla NSS
| instead of the OpenSSL libraries
| (http://rhn.redhat.com/errata/RHBA-2011-0673.html).
|
| Attempting to authenticate a Zimbra session against this upgraded
| external openLDAP server using starttls results in a 30s delay
| between the beginning of the request and the validation of the
| credentials. I've tested this scenario by rolling back to the
| previous version of openLDAP (2.4.19-15), which restores the
| authentication to an acceptable speed.
|
| This bug only impacts starttls sessions; utilizing ldaps is an
| acceptable workaround for the time being, although we would like to
| return to starttls in the future as ldaps is deprecated in openLDAP.
|
| Action:
|
| Rolled openLDAP server back to a previous version and the
| authentication returns to normal.