[389-users] starttls does not work with chaining backend
Rich Megginson
rmeggins at redhat.com
Thu Sep 2 17:45:44 UTC 2010
Jacek Nykis wrote:
> Hi,
>
> I am trying to set up a chaining backend and I encountered some problems.
>
> I set up the nsBackendInstance object with all attributes, but it would seem
> that "nsusestarttls" does not have any effect. Here is what happens:
>
> If I use ldaps over port 636 everything is fine:
>
> nsusestarttls: off
> nsfarmserverurl: ldaps://xxx:636
>
> But when I change the values to the ones below, it stops:
>
> nsusestarttls: on
> nsfarmserverurl: ldap://xxx:389
>
> Logs on the master server suggest that the slave does not use startTLS when
> connecting.
>
> On slave server I can see this:
>
> [02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>
> [02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> [02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES
> [02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
> [02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0
> [02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1
>
> On master:
>
> [02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>
> [02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
> [02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0
>
> We would prefer to use startTLS on port 389. Does anybody know if this
> is possible or if anything else is required to make it work?
>
What platform? What version of 389-ds-base?
>
> --
> Jacek Nykis
> IS Unix Frontend Engineer
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
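
An added example, not from the original thread or the 389 project: a Python check over access-log lines in the format quoted above that lists simple binds (method=128) arriving on a connection with no TLS layer logged, which is what the master's log shows for conn=34. The function name and the `TLS` prefix match are assumptions; err=13 is the LDAP confidentialityRequired result code.

```python
import re

# Field layout follows the access-log excerpts quoted in the post.
ENTRY = re.compile(r'^\[[^\]]+\] conn=(\d+) (.*)$')
BIND = re.compile(r'^op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r'^op=(\d+) RESULT err=(\d+) tag=97\b')  # tag 97 = BindResponse

def cleartext_simple_binds(log_text):
    """Return [(conn, dn, err)] for simple binds sent before TLS was active."""
    tls_active = set()  # connections where a TLS layer has been logged
    pending = {}        # (conn, op) -> index of the finding awaiting its RESULT
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        conn, rest = int(entry.group(1)), entry.group(2)
        # "SSL 256-bit AES" is the form in the post; matching a "TLS" prefix
        # is an assumption about how other releases log the protocol.
        if rest.startswith(("SSL ", "TLS")):
            tls_active.add(conn)
        elif (bind := BIND.match(rest)):
            if bind.group(3) == "128" and conn not in tls_active:  # 128 = simple bind
                pending[(conn, int(bind.group(1)))] = len(findings)
                findings.append((conn, bind.group(2), None))
        elif (res := RESULT.match(rest)):
            idx = pending.pop((conn, int(res.group(1))), None)
            if idx is not None:
                findings[idx] = findings[idx][:2] + (int(res.group(2)),)
    return findings

# Sample input: the post's log lines with the e-mail line wrapping undone.
SLAVE_LOG = """\
[02/Sep/2010:15:53:22 +0000] conn=1 fd=64 slot=64 connection from <client IP> to <Slave IP>
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[02/Sep/2010:15:53:22 +0000] conn=1 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 SSL 256-bit AES
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=1 op=1 RESULT err=13 tag=97 nentries=0 etime=0
[02/Sep/2010:15:53:22 +0000] conn=1 op=-1 fd=64 closed - B1
"""
MASTER_LOG = """\
[02/Sep/2010:15:53:22 +0000] conn=34 fd=64 slot=64 connection from <Slave IP> to <Master IP>
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 BIND dn="uid=xxx,ou=xxx,dc=xxx" method=128 version=3
[02/Sep/2010:15:53:22 +0000] conn=34 op=0 RESULT err=13 tag=97 nentries=0 etime=0
"""
if __name__ == "__main__":
    for name, log in (("slave", SLAVE_LOG), ("master", MASTER_LOG)):
        print(name, cleartext_simple_binds(log))
```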