httpd cannot connect via TLS to LDAP server after upgrade to fedora 14
James McKenzie
jjmckenzie51 at earthlink.net
Wed Feb 2 03:16:48 UTC 2011
On 1/31/11 2:14 PM, Michael Cronenworth wrote:
> Ldap Tester wrote:
>> I don't know if this is a problem with httpd's mod_authnz_ldap
>> or its mod_ldap or with openldap, or just a configuration mistake
>> on my part, but it used to work before the upgrade.
>> I have searched all over for an answer to this problem
>> because I can't believe that I am the only one having it,
>> but I have found nothing.
>> I welcome any ideas.
> Fedora 14 had an undocumented feature where OpenLDAP switched from using
> OpenSSL to NSS. NSS isn't a mature or bugfree library and each time core
> utilities are switched to it (curl for example) NSS bugs spout their
> ugly heads. I'm not sure where the drive to use NSS-for-everything comes
> from, but that is for a separate thread.
>
I'll chime on this: OpenSSL is not FIPS-140 compliant and thus is being
removed from the list of approved Federal Security Software products in
the United States. NSS is on the list and thus can be used.
James McKenzie
More information about the users
mailing list