Your message dated Mon, 28 Mar 2011 11:01:12 +0200
with message-id <[email protected]>
and subject line Re: slapd - ldap proxy with tls enforces cert check even if
disabled
has caused the Debian Bug report #512693,
regarding slapd - ldap proxy with tls enforces cert check even if disabled
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
512693: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512693
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: slapd
Version: 2.4.11-1
Severity: important
I configured slapd to work as an LDAP proxy. Because of some problems
with the certs of the upstream server, I decided to disable cert checks
for now.
| database ldap
| suffix "o=Example"
| uri "ldaps://jura1.example.com/"
| tls ldaps tls_reqcert=never
| protocol-version 3
One authenticated request works:
| $ ldapsearch -h localhost -x -W "cn=blank"
| Enter LDAP Password:
| # extended LDIF
| #
| # LDAPv3
| # base <o=Example> (default) with scope subtree
| # filter: cn=blank
| # requesting: ALL
[...]
| # search result
| search: 2
| result: 0 Success
|
| # numResponses: 5
The second fails:
| $ ldapsearch -h localhost -x -W "cn=blank"
| Enter LDAP Password:
| ldap_bind: Server is unavailable (52)
| additional info: Proxy operation retry failed
The slapd log shows:
| TLS: peer cert untrusted or revoked (0x42)
| send_ldap_result: conn=1 op=0 p=3
| send_ldap_result: err=52 matched="" text="Proxy operation retry failed"
| send_ldap_response: msgid=1 tag=97 err=52
This shows that the peer cert check value is somehow changed to one of
the enforcing ones.
Bastian
--
Wait! You have not been prepared!
-- Mr. Atoz, "Tomorrow is Yesterday", stardate 3113.2
--- End Message ---
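An added example, not part of the original report or of OpenLDAP: a small audit that lists every `database ldap` proxy stanza in a slapd.conf and flags those whose `tls` directive sets `tls_reqcert` to a value that accepts an unverifiable upstream certificate, as the reporter's configuration does. The second stanza and its host name are constructed for contrast, and tokenizing with `shlex` is an approximation of slapd's own argument parsing.

```python
import shlex

# Constructed sample: the report's proxy stanza plus a hypothetical second one.
SAMPLE_CONF = '''\
# constructed sample slapd.conf fragment
database ldap
suffix "o=Example"
uri "ldaps://jura1.example.com/"
tls ldaps
    tls_reqcert=never
protocol-version 3

database ldap
suffix "o=Other"
uri "ldaps://ldap2.example.com/"
tls ldaps tls_reqcert=demand
'''

NON_VERIFYING = {"never", "allow"}  # values that let a bad upstream cert through

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop '#' comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def audit_ldap_proxies(text):
    """Return one dict per 'database ldap' stanza; 'flagged' marks disabled checks."""
    dbs, cur = [], None
    for line in logical_lines(text):
        args = shlex.split(line)
        if args[0] == "database":
            cur = None  # a new stanza starts; only track back-ldap ones
            if len(args) > 1 and args[1] == "ldap":
                cur = {"suffix": None, "uri": None, "reqcert": None, "flagged": False}
                dbs.append(cur)
        elif cur is not None and args[0] in ("suffix", "uri") and len(args) > 1:
            cur[args[0]] = args[1]
        elif cur is not None and args[0] == "tls":
            for kv in args[1:]:  # args[1] is the mode (e.g. ldaps), rest are key=value
                key, _, val = kv.partition("=")
                if key == "tls_reqcert":
                    cur["reqcert"], cur["flagged"] = val, val in NON_VERIFYING
    return dbs
```

A stanza with no explicit `tls_reqcert` is reported with `reqcert` of `None` and is not flagged, since the effective value then depends on settings outside the stanza.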
--- Begin Message ---
No information received in 5 months.
Closing bug report.
Regards,
Matthijs Möhlmann
--- End Message ---