Quanah Gibson-Mount quanah@symas.com writes:
This is expected to be the final testing call for 2.4.45, with an anticipated release, depending on feedback, during the week of 2017/05/29.
For this testing call, we particularly need folks to test OpenLDAP with startTLS/LDAPS when compiled against OpenSSL (both pre 1.1 series and with the 1.1 series). There is currenly nothing in the test suite that covers encrypted connections (Although it's on my todo list). To build against OpenSSL 1.1 may also require cyrus-sasl HEAD out of the cyrus-sasl GIT repository, depending on your build options as the current cyrus-sasl release does not support the OpenSSL 1.1 series. It can be found at https://github.com/cyrusimap/cyrus-sasl. If you build with GSSAPI and use Heimdal, you will also need the Heimdal 7.1.0 or later release (as that is where OpenSSL 1.1 support was added). It can be obtained from http://h5l.org/.
[...]
All tests succeeded, source built against openssl-1.0.2j, startTLS. ldaps and sasl EXTERNAL showed no failures.
ldapwhoami -Y EXTERNAL -Z -H ldap://localhost:9007 SASL/EXTERNAL authentication started SASL username: cn=Dieter Kluenter,ou=Partner,o=AVCI,c=DE SASL SSF: 0 dn:cn=dieter kluenter,ou=partner,o=avci,c=de
ldapwhoami -Y EXTERNAL -H ldaps://localhost:9008 SASL/EXTERNAL authentication started SASL username: cn=Dieter Kluenter,ou=Partner,o=AVCI,c=DE SASL SSF: 0 dn:cn=dieter kluenter,ou=partner,o=avci,c=de
-Dieter