Hello,
Commit 6f623dfa1ca65698c19ccc6c058cd170e633384e fixing ITS#8427 (Set up
TLS settings on each reconnection) introduces a regression when the proxy
connects to the backend LDAP server via ldaps://
The relevant part of my config is:
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=local
olcDbURI: ldaps://ldap.local
olcDbChaseReferrals: TRUE
olcDbRebindAsUser: TRUE
olcDbIDAssertBind: bindmethod=none tls_cacert=/etc/pki/tls/certs/ca.crt
olcDbIDAssertAuthzFrom: "*"
(I also tried setting the LDAPTLS_CACERT env var when starting slapd)
In the backend LDAP server logs, I get the message "TLS negotiation failure"
Regards