--On Tuesday, August 19, 2014 1:50 PM +0200 Oriol Rosa Ramoneda
We are facing an issue in one of our openldap environments, while
enabling secure queries via ldaps:// our integration environment keeps
returning the following error to out ldapsearch command:
SSL3_READ_BYTES:sslv3 alert bad record mac
while the same command pointing to our production environment connects
correctly and returns matching entries.
Both run under the following versions:
Red Hat Enterprise Linux Server release 6.2 (Santiago)
OpenLDAP: slapd 2.4.23
2.4.23 is over 4 years old. In addition, the build supplied by RHEL if
that's what you're using) is linked to NSS, not OpenSSL, and has a number
of RHEL specific problems. I'd strongly advise upgrading to a current
release and an OpenSSL linked OpenLDAP.
I would also note there were series kernel issues in the 6.2 patch level
(At Zimbra, we require patch level 4 or later due to various issues with
RHEL6 at the previous levels).
Zimbra :: the leader in open source messaging and collaboration