I compiled up 9.0_BETA and upgraded a 8.x DOMU. I found that 9.0_BETA suffers from the bug I wrote about in lib/53675. Basically, ldaps won't work. In particular, it appears that the client code is broken as ldapsearch will refuse to work against an openldap server and against a 389DS server if you try using SSL/TLS (ldaps). I had a slightly older -current around with libcrypto.so.13 on it and it works fine, but anything with libcrypto.so.14 does not work, although the problem could be in the libldap library. The upgraded DOMU did not have its packages updated, so those were still from the 8.x era. A ldapsearch from pkgsrc of the 8.x era also worked, but it uses an older libcrypto and its own libldap.
I won't have much time to fiddle with this problem any more right now, but can offer up test systems if anyone would like to help fix this. Right now, -current and 9.0_BETA are probably broken with respect to client use of ldaps from the base system (this includes pam_ldap and nss_ldap). -- Brad Spencer - [email protected] - KC8VKS - http://anduin.eldar.org
