Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Philip Guenther
On Wed, 14 Dec 2022, Jeffrey Walton wrote: > On Wed, Dec 14, 2022 at 4:29 AM Philip Guenther > wrote: > > > > On Wed, 14 Dec 2022, Stuart Henderson wrote: > > > On 2022/12/14 06:22, Andre Rodier wrote: > > > > > olcTLSProtocolMin: 3.3 > > > > > > There is no TLS 3.3; try a valid version like 1.2 o

lloadd Proxied Authorization Denied (123)

2022-12-14 Thread Stefan Kania
I now took the example configuration and changed it to my settings: - TLSCertificateFile /opt/symas/etc/openldap/example-net-cert.pem TLSCertificateKeyFile /opt/symas/etc/openldap/example-net-key.pem TLSCACertificateFile /opt/symas/etc/openldap/cacert.pem pidfile /var/

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Andre Rodier
On 14/12/2022 20:11, Andre Rodier wrote: Thanks for your advice everyone. For those who are interested, I found the solution on this thread: https://serverfault.com/questions/459718/configure-openldap-with-tls-required > dn: cn=config > changetype: modify > replace: olcTLSCipherSuite > olc

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Andre Rodier
Thanks for your advice everyone. For those who are interested, I found the solution on this thread: https://serverfault.com/questions/459718/configure-openldap-with-tls-required > dn: cn=config > changetype: modify > replace: olcTLSCipherSuite > olcTLSCipherSuite: TLS_RSA_CAMELLIA_128_CBC_SHA1

Re: lloadd standalone daemon

2022-12-14 Thread Quanah Gibson-Mount
--On Wednesday, December 14, 2022 6:57 PM +0100 Stefan Kania wrote: You can run lloadd as a standalone slapd instance that loads the lloadd module. That's ok but the manpage for lloadd is telling me: -

Re: lloadd standalone daemon

2022-12-14 Thread Stefan Kania
On 14.12.22 at 18:17, Quanah Gibson-Mount wrote: --On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania wrote: Hi to all, I want to test the "lloadd" as a standalone daemon. I'm using the Symas OpenLDAP 2.6 packages on a Debian 11 system. I can only find the module "lloadd.la" bu

Re: lloadd standalone daemon

2022-12-14 Thread Quanah Gibson-Mount
--On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania wrote: Hi to all, I want to test the "lloadd" as a standalone daemon. I'm using the Symas OpenLDAP 2.6 packages on a Debian 11 system. I can only find the module "lloadd.la" but not the standalone daemon. If I want to use it, do

lloadd standalone daemon

2022-12-14 Thread Stefan Kania
Hi to all, I want to test the "lloadd" as a standalone daemon. I'm using the Symas OpenLDAP 2.6 packages on a Debian 11 system. I can only find the module "lloadd.la" but not the standalone daemon. If I want to use it, do I have to compile it myself? What would be the better way using the sta

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Jeffrey Walton
On Wed, Dec 14, 2022 at 2:42 AM Andre Rodier wrote: > ... > Well, actually, this is the next issue. > > For instance, here the LDIF file I use: > > > dn: cn=config > > add: olcTLSCACertificateFile > > olcTLSCACertificateFile: /etc/ssl/certs/ldap.homebox.world.issuer.crt > > ... > > I have the (in

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Jeffrey Walton
On Wed, Dec 14, 2022 at 4:29 AM Philip Guenther wrote: > > On Wed, 14 Dec 2022, Stuart Henderson wrote: > > On 2022/12/14 06:22, Andre Rodier wrote: > > > > olcTLSProtocolMin: 3.3 > > > > There is no TLS 3.3; try a valid version like 1.2 or 1.3. > > No, that's correct. slapd.conf(5): > >T

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Jeffrey Walton
On Wed, Dec 14, 2022 at 4:13 AM Stuart Henderson wrote: > > On 2022/12/14 06:22, Andre Rodier wrote: > > > olcTLSProtocolMin: 3.3 > > There is no TLS 3.3; try a valid version like 1.2 or 1.3. That's following the record version [1] specified in the RFC. While "TLS 3.3" does not exist, Record Laye

Antw: [EXT] Detecting replication delay when replicating a subset of data

2022-12-14 Thread Ulrich Windl
>>> wrote on 12.12.2022 at 16:47 in >>> message <20221212154750.5262.89...@hypatia.openldap.org>: > Hello, > > Under typical circumstances we run a config database and have a single > application database for ldap data. We run consumers replicating from > providers where they replicate the

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Erik de Waard
Hi, Take a look at TLSCipherSuite Erik On Wed, Dec 14, 2022, 07:23 Andre Rodier wrote: > Hello, > > I have configured OpenLDAP using SSL certificate, but I have a few issues. > > Here the TLS configuration, especially "olcTLSProtocolMin: 3.3" > > > # AUTO-GENERATED FILE - DO NOT EDIT!! Use lda

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Erik de Waard
Try "NORMAL:-RSA". Your version is probably built against GnuTLS instead of OpenSSL. See the manual on TLSCipherSuite. On Wed, Dec 14, 2022, 08:41 Andre Rodier wrote: > On 14/12/2022 07:32, Erik de Waard wrote: > > Hi, > > > > Take a look at TLSCipherSuite > > > > Erik > > > > On Wed, Dec 14, 20

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Philip Guenther
On Wed, 14 Dec 2022, Stuart Henderson wrote: > On 2022/12/14 06:22, Andre Rodier wrote: > > > olcTLSProtocolMin: 3.3 > > There is no TLS 3.3; try a valid version like 1.2 or 1.3. No, that's correct. slapd.conf(5): TLSProtocolMin <major>[.<minor>] Specifies minimum SSL/TLS protocol

Re: openldap TLSv1.0 is enabled

2022-12-14 Thread Stuart Henderson
On 2022/12/14 06:22, Andre Rodier wrote: > > olcTLSProtocolMin: 3.3 There is no TLS 3.3; try a valid version like 1.2 or 1.3.