Regression after ITS#8427 fix with back-ldap - openldap-bugs

27 Jun 2019


      This is a multi-part message in MIME format.
--------------93F3FA89632EC27DC6224304
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Hello,
Commit 6f623dfa1ca65698c19ccc6c058cd170e633384e fixing ITS#8427 (Set up 
TLS settings on each reconnection) introduce a regression when the proxy 
connect to the**Backend ldap server via ldaps://
The relevent part of my config is:
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=local
olcDbURI: ldaps://ldap.local
olcDbChaseReferrals: TRUE
olcDbRebindAsUser: TRUE
olcDbIDAssertBind: bindmethod=none tls_cacert=/etc/pki/tls/certs/ca.crt
olcDbIDAssertAuthzFrom: "*"
(I also tried by setting LDAPTLS_CACERT env var when starting slapd)
On backend ldap server logs, I get the message "TLS negociation failure"
Regards
--------------93F3FA89632EC27DC6224304
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
<html>
  <head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hello,</p>
    <p>Commit 6f623dfa1ca65698c19ccc6c058cd170e633384e fixing ITS#8427
      (Set up TLS settings on each reconnection) introduce a regression
      when the proxy connect to the<b> </b>Backend ldap server via
      <a class="moz-txt-link-freetext" href="ldaps://">ldaps://</a><br>
    </p>
    <p>The relevent part of my config is:<br>
    </p>
    <p>dn: olcDatabase={2}ldap,cn=config<br>
      objectClass: olcDatabaseConfig<br>
      objectClass: olcLDAPConfig<br>
      olcDatabase: {2}ldap<br>
      olcSuffix: dc=local<br>
      olcDbURI: <a class="moz-txt-link-freetext" href="ldaps://ldap.local">ldaps://ldap.local</a><br>
      olcDbChaseReferrals: TRUE<br>
      olcDbRebindAsUser: TRUE<br>
      olcDbIDAssertBind: bindmethod=none
      tls_cacert=/etc/pki/tls/certs/ca.crt<br>
      olcDbIDAssertAuthzFrom: "*"</p>
    <p> (I also tried by setting LDAPTLS_CACERT env var when starting
      slapd)</p>
    <p>On backend ldap server logs, I get the message "TLS negociation
      failure"</p>
    <p><br>
    </p>
    <p>Regards<br>
    </p>
  </body>
</html>
--------------93F3FA89632EC27DC6224304--