--On Friday, August 22, 2008 1:52 PM -0700 "Ben Wailea, openldap-software" bwailea+10@gmail.com wrote:
You're entirely missing my point. You've noted what your setup is, and the changes you made. Once you made those changes and restarted the server, some connections started failing. Your logs show what IP address those connections are coming from, but since they are being blocked by the changes you made, there's really no data on what client is making those connections. The only person who can track down what clients are trying to bind *without* TLS is you. You may not like that answer, but it isn't going to change. Your original question, posed at the end of your email, was whether this is the expected behavior for those settings, and the answer is yes. If you block clients that are not using TLS from binding, then they are going to fail to bind once the changes are in effect.
Now, does your ldapsearch command with -ZZ continue to work after the restart?
What other processes have you configured to access the LDAP server from the local host? nscd? nss_ldap? etc. Look at those things.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
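One way to act on the advice in the message above, as an added example that is not part of the original thread: correlate slapd's connection log lines to list which source address and bind DN are being refused for binding without TLS. It assumes slapd logs at the stats level and reports the refusal as result code 13 (confidentialityRequired); the log lines, host addresses and DNs are constructed.

```python
import re
from collections import Counter

# Constructed slapd log sample (stats log level assumed); not taken from the thread.
SAMPLE_LOG = """\
slapd[2101]: conn=1001 fd=12 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)
slapd[2101]: conn=1001 op=0 BIND dn="cn=nss,dc=example,dc=com" method=128
slapd[2101]: conn=1001 op=0 RESULT tag=97 err=13 text=confidentiality required
slapd[2101]: conn=1002 fd=13 ACCEPT from IP=192.0.2.15:51544 (IP=0.0.0.0:389)
slapd[2101]: conn=1002 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[2101]: conn=1002 op=0 STARTTLS
slapd[2101]: conn=1002 op=0 RESULT oid= err=0 text=
slapd[2101]: conn=1002 fd=13 TLS established tls_ssf=256 ssf=256
slapd[2101]: conn=1002 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
slapd[2101]: conn=1002 op=1 RESULT tag=97 err=0 text=
slapd[2101]: conn=1003 fd=12 ACCEPT from IP=127.0.0.1:40120 (IP=0.0.0.0:389)
slapd[2101]: conn=1003 op=0 BIND dn="cn=nss,dc=example,dc=com" method=128
slapd[2101]: conn=1003 op=0 RESULT tag=97 err=13 text=confidentiality required
slapd[2101]: conn=1004 fd=14 ACCEPT from IP=[::1]:40130 (IP=[::]:389)
slapd[2101]: conn=1004 op=0 BIND dn="cn=mail,dc=example,dc=com" method=128
slapd[2101]: conn=1004 op=0 RESULT tag=97 err=13 text=confidentiality required
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
TLS_UP = re.compile(r"conn=(\d+) fd=\d+ TLS established")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
BIND_RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
CONFIDENTIALITY_REQUIRED = "13"  # LDAP result code confidentialityRequired

def cleartext_bind_rejections(log_text):
    """Count binds refused with err=13 on non-TLS connections, keyed by (source IP, bind DN)."""
    ip_of, tls_conns, dn_of, hits = {}, set(), {}, Counter()
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            ip_of[m[1]] = m[2]
            tls_conns.discard(m[1])  # a new ACCEPT resets TLS state for a reused conn id
        elif m := TLS_UP.search(line):
            tls_conns.add(m[1])
        elif m := BIND.search(line):
            dn_of[(m[1], m[2])] = m[3]  # the DN is logged even when the bind is then refused
        elif m := BIND_RESULT.search(line):
            if m[3] == CONFIDENTIALITY_REQUIRED and m[1] not in tls_conns:
                hits[(ip_of.get(m[1], "unknown"), dn_of.get((m[1], m[2]), "unknown"))] += 1
    return hits

if __name__ == "__main__":
    for (ip, dn), n in cleartext_bind_rejections(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {ip:15s}  {dn}")
```

The bind DN on a refused connection usually narrows the search to one service account, which is the fastest route from a bare source address to the misconfigured client.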
This thread is now closed as all OpenLDAP-specific questions asked have been answered.
On Aug 22, 2008, at 2:03 PM, Quanah Gibson-Mount wrote:
--On Friday, August 22, 2008 1:52 PM -0700 "Ben Wailea, openldap-software" bwailea+10@gmail.com wrote:
Now, does your ldapsearch command with -ZZ continue to work after the restart?
I believe the message at the top of the thread answers this question.
What other processes have you configured to access the LDAP server from the local host? nscd? nss_ldap? etc. Look at those things.
This should be viewed as a rhetorical question. Discussion of non-OpenLDAP LDAP clients is off-topic here.
-- the moderator
openldap-software@openldap.org