--On Tuesday, August 19, 2014 1:50 PM +0200 Oriol Rosa Ramoneda orosa@bcn.sia.es wrote:

Hello,

We are facing an issue in one of our openldap environments, while enabling secure queries via ldaps:// our integration environment keeps returning the following error to out ldapsearch command: SSL3_READ_BYTES:sslv3 alert bad record mac

while the same command pointing to our production environment connects correctly and returns matching entries.

Both run under the following versions: Red Hat Enterprise Linux Server release 6.2 (Santiago) OpenLDAP: slapd 2.4.23 OpenSSL 1.0.0-fips

2.4.23 is over 4 years old. In addition, the build supplied by RHEL if that's what you're using) is linked to NSS, not OpenSSL, and has a number of RHEL specific problems. I'd strongly advise upgrading to a current release and an OpenSSL linked OpenLDAP.

I would also note there were series kernel issues in the 6.2 patch level (At Zimbra, we require patch level 4 or later due to various issues with RHEL6 at the previous levels).

--Quanah

--

Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration