HI Team,

 

Hope you can help with this issue.

 

1)I am trying to disable SSLV3 on OpenLDAP servers we are using OpenLDAP as a proxy with upstream Active directory servers. we are using CA certs on this openssl we would like to disable SSLV3

I added the below entry slapd.conf but when I tried to start slapd it's failing to start

 

TLSCipherSuite HIGH:MEDIUM:!SSLv2:!SSLV3

 

errors as below

slapd[19899]: main: TLS init def ctx failed: -1

slapd[19899]: slapd stopped.

slapd[19899]: connections_destroy: nothing to destroy.

 

debug logs restart as below

 

TLS: could not set cipher list HIGH:MEDIUM:!SSLv2:!SSLV3.

617c64c1 main: TLS init def ctx failed: -1

617c64c1 slapd stopped.

 

2) Also, did anybody notice this issue?

I am facing the issue with a group display we have several users in group while looking for groups in getent group we are seeing a few users only not sure if there is any limit on group filed in Database.

 

 

Thanks

Narayanan

Linux Platform Engineering

500 Staples Drive, Framingham MA

Office:  508-253-6909 | Mobile: 508-333-4395