<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Webdings;
panose-1:5 3 1 2 1 5 9 6 7 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I am trying to setup chaining backend and I encountered some problems.<o:p></o:p></p><p class=MsoNormal>I setup nsBackendInstance object with all attributes but it would seem that "nsusestarttls" does not have any effect. Here is what happens:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If I use ldaps over port 636 everything is fine:<o:p></o:p></p><p class=MsoNormal>nsusestarttls: off<o:p></o:p></p><p class=MsoNormal>nsfarmserverurl: ldaps://xxx:636<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>But when I change values to below it stops:<o:p></o:p></p><p class=MsoNormal>nsusestarttls: on<o:p></o:p></p><p class=MsoNormal>nsfarmserverurl: ldap://xxx:389<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Logs on master server suggest that slave does not use startTLS when connecting.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>On slave server I can see this:<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP><o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>On master:<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP><o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3<o:p></o:p></p><p class=MsoNormal>[02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>We would prefer to use startTLS on port 389, does anybody know if this is possible or if anything else is required to make it work?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>-- <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>Jacek Nykis<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>IS Unix Frontend Engineer<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>Fax: +44 (0) 20 8834 8001<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>Yahoo! Messenger: nykisj<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>Betfair Limited | Winslow Road | Hammersmith Embankment | London | W6 9HP <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'>Company No. 5140986 <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:18.0pt;font-family:Webdings;color:green;mso-fareast-language:ZH-TW'>P</span><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:ZH-TW'> </span></b><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:green;mso-fareast-language:ZH-TW'>Please consider the environment before printing</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:ZH-TW'><o:p></o:p></span></p><p class=MsoNormal style='page-break-after:avoid'><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray;mso-fareast-language:ZH-TW'><o:p> </o:p></span></p><p class=MsoNormal style='page-break-after:avoid'><span lang=EN-US style='font-size:8.0pt;font-family:"Tahoma","sans-serif";color:gray;mso-fareast-language:ZH-TW'>The information in this e-mail and any attachment is confidential and is intended only for the named recipient(s). The e-mail may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not a named recipient please notify the sender immediately and delete any copies of this message. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Any view or opinions presented are solely those of the author and do not necessarily represent those of the company. Betfair ® and the BETFAIR LOGO are registered trade marks of The Sporting Exchange Limited.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div><BR>
________________________________________________________________________<BR>
In order to protect our email recipients, Betfair Group use SkyScan from <BR>
MessageLabs to scan all Incoming and Outgoing mail for viruses.<BR>
<BR>
________________________________________________________________________<BR>
</body></html>