On Mon, Jul 04, 2011 at 08:39:42PM +0200, li...@xs4me.net wrote:
> On 04-07-11 19:35, li...@xs4me.net wrote:
> > Hi,
> >
> > I'm using sssd-1.5.10 and noticed today that I was not able to connect to
> > my ldap server with an ldaps uri.
> >
> > If I change the uri to ldap://ldap.... everything works just fine. As far
> > as I can see it is not a certificate issue.
> >
> > connection attempt with ldaps://ldap...
> > slapd[9277]: conn=118207 fd=77 ACCEPT from IP=192.168.1.1:8837
> > (IP=0.0.0.0:636)
> > slapd[9277]: conn=118207 fd=77 closed (TLS negotiation failure)
> >
> >
> > connection attempt with ldap://ldap...
> > slapd[9277]: conn=118259 fd=72 ACCEPT from IP=192.168.1.1:47669
> > (IP=0.0.0.0:389)
> > slapd[9277]: conn=118259 op=0 EXT oid=1.3.6.1.4.1.1466.20037
> > slapd[9277]: conn=118259 op=0 STARTTLS
> > slapd[9277]: conn=118259 op=0 RESULT oid= err=0 text=
> > slapd[9277]: conn=118259 fd=72 TLS established tls_ssf=256 ssf=256
> >
> Hi,
>
> I just tried sssd-1.5.8 and in that version both the ldap:// uri and ldaps://
> uris are working.
>
d'oh, I'm really sorry, I could have sworn I tested ldaps://, too. I introduced ldap_init_fd() in "Use ldap_init_fd() instead of ldap_initialize() if available" and assumed that the TLS setup is handled by ldap_init_fd(), but apparently this assumption was wrong and ldap_install_tls() needs to be called explicitly.

A patch will be available soon. Sorry for any inconvenience.

bye,
Sumit

> regards,
>
> J
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
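
As an added example (not part of the original thread, and not SSSD or OpenLDAP code), the slapd log lines quoted above can be correlated by their `conn=` id to separate connections that died in the TLS handshake from those that upgraded with StartTLS. The function names and result field names are assumptions of this example; the sample log is the one from the post with the mail client's line wrap re-joined.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread, with the wrapped "(IP=...)" part re-joined.
SAMPLE_LOG = """\
slapd[9277]: conn=118207 fd=77 ACCEPT from IP=192.168.1.1:8837 (IP=0.0.0.0:636)
slapd[9277]: conn=118207 fd=77 closed (TLS negotiation failure)
slapd[9277]: conn=118259 fd=72 ACCEPT from IP=192.168.1.1:47669 (IP=0.0.0.0:389)
slapd[9277]: conn=118259 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[9277]: conn=118259 op=0 STARTTLS
slapd[9277]: conn=118259 op=0 RESULT oid= err=0 text=
slapd[9277]: conn=118259 fd=72 TLS established tls_ssf=256 ssf=256
"""

CONN = re.compile(r"conn=(\d+)\s+(.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(\S+):\d+ \(IP=\S+:(\d+)\)")
TLS_OK = re.compile(r"TLS established tls_ssf=(\d+)")
CLOSED = re.compile(r"closed(?: \((.*)\))?")

def summarize(log_text):
    """Group slapd lines by conn id: client, listener port, TLS mode, outcome."""
    conns = defaultdict(lambda: {"client": None, "port": None, "starttls": False,
                                 "tls_ssf": 0, "close_reason": None})
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # not a per-connection line
        c, rest = conns[int(m.group(1))], m.group(2)
        if (a := ACCEPT.search(rest)):
            c["client"], c["port"] = a.group(1), int(a.group(2))
        elif "STARTTLS" in rest:
            c["starttls"] = True
        elif (t := TLS_OK.search(rest)):
            c["tls_ssf"] = int(t.group(1))
        elif (x := CLOSED.search(rest)):
            c["close_reason"] = x.group(1) or "normal"
    return dict(conns)

def tls_failures(conns):
    """Sorted conn ids whose connection closed during TLS negotiation."""
    return sorted(cid for cid, c in conns.items()
                  if c["close_reason"] == "TLS negotiation failure")

if __name__ == "__main__":
    for cid, c in sorted(summarize(SAMPLE_LOG).items()):
        mode = "StartTLS" if c["starttls"] else "no StartTLS seen"
        outcome = c["close_reason"] or f"tls_ssf={c['tls_ssf']}"
        print(f"conn={cid} {c['client']} -> port {c['port']} [{mode}] {outcome}")
```
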