On Tue, 2012-03-20 at 16:13 -0700, Quanah Gibson-Mount wrote:
Who built your OpenLDAP? What SSL software is it linked to? For example, RHEL platforms tend to use MozNSS. Debian/Ubuntu use GnuTLS. Sane OSes use OpenSSL. From the looks of it, you are using an NSS linked OpenLDAP client. I suggest you build your own client against OpenSSL.
I am using OpenLDAP as built by Red Hat for RHEL 6.2, openldap-2.4.23-20.el6.x86_64.
$ ldd /usr/bin/ldapsearch linux-vdso.so.1 => (0x00007fff8816e000) libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x000000391c400000) liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x000000391c000000) libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003031400000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003026000000) libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003021c00000) libssl3.so => /usr/lib64/libssl3.so (0x000000391b800000) libsmime3.so => /usr/lib64/libsmime3.so (0x000000391bc00000) libnss3.so => /usr/lib64/libnss3.so (0x000000391b400000) libnssutil3.so => /usr/lib64/libnssutil3.so (0x000000305a800000) libplds4.so => /lib64/libplds4.so (0x0000003059c00000) libplc4.so => /lib64/libplc4.so (0x000000305ac00000) libnspr4.so => /lib64/libnspr4.so (0x000000305a000000) libc.so.6 => /lib64/libc.so.6 (0x000000301fc00000) libdl.so.2 => /lib64/libdl.so.2 (0x0000003020000000) libfreebl3.so => /lib64/libfreebl3.so (0x0000003025c00000) libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003020400000) libz.so.1 => /lib64/libz.so.1 (0x0000003020c00000) /lib64/ld-linux-x86-64.so.2 (0x000000301f800000)
I suggest you build your own client against OpenSSL.
This is kind of a last resort as I am not maintaining the environment being used.
Are you aware of known issues with this build configuration connecting to Oracle?
Jon