Hello,
I am sorry for the inconveniences. I have filed a bug about this: https://bugzilla.redhat.com/show_bug.cgi?id=1375432 This should be fixed with next release.
Regards.
Steve Zeng steve.zeng@booking.com writes:
Thanks for the LDAP tool box packages. I will give it a try.
Quick questions, I ran ldd to find out which TLS/SSL library and it shows:
# ldd /usr/sbin/slapd
linux-vdso.so.1 => (0x00007fff5b044000) libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f3a36585000) libdb-4.7.so => /lib64/libdb-4.7.so (0x00007f3a36211000) libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f3a35ff6000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f3a35dbf000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f3a35ba5000) libssl3.so => /usr/lib64/libssl3.so (0x00007f3a35965000) libsmime3.so => /usr/lib64/libsmime3.so (0x00007f3a35739000) libnss3.so => /usr/lib64/libnss3.so (0x00007f3a353fa000) libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f3a351cd000) libplds4.so => /lib64/libplds4.so (0x00007f3a34fc9000) libplc4.so => /lib64/libplc4.so (0x00007f3a34dc4000) libnspr4.so => /lib64/libnspr4.so (0x00007f3a34b85000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3a34968000) libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f3a3475d000) libc.so.6 => /lib64/libc.so.6 (0x00007f3a343c8000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f3a341c4000) libfreebl3.so => /lib64/libfreebl3.so (0x00007f3a33f4d000) libz.so.1 => /lib64/libz.so.1 (0x00007f3a33d36000) librt.so.1 => /lib64/librt.so.1 (0x00007f3a33b2e000) /lib64/ld-linux-x86-64.so.2 (0x00007f3a3679c000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f3a33914000)
# rpm -qf /usr/lib64/libssl3.so
nss-3.21.0-8.el6.x86_64
Will that (the line containing libssl3.so) confirm it is the MozNSS libs?
I also tried the other settings and all clients immediately could not connect. It that a suggested settings for this purpose, or it is simply due to the wrong value I gave?
olcTLSCipherSuite: ALL:!TLSv1.0:!TLSv1.1:!SSLv3
Thanks, Steve
On 9/12/16, 4:26 AM, "openldap-technical on behalf of Clément OUDOT" <openldap-technical-bounces@openldap.org on behalf of clement.oudot@savoirfairelinux.com> wrote:
Le 11/09/2016 à 03:25, Steve Zeng a écrit :
Thanks for the note. So we need to rebuild it against OpenSSL?
You can give a try to LDAP Tool Box packages which are built against OpenSSL:
- http://ltb-project.org/wiki/documentation/openldap-rpm
- http://ltb-project.org/wiki/download#openldap
-- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux 87, rue de Turbigo - 75003 PARIS Blog: http://sflx.ca/coudot