lists.arthurdejong.org

Re: [nssldap] Possible bug in nss_ldap v253 using SSL ?

On Tuesday 08 May 2007 07:29, Christopher Smith wrote:
> This is happening on a new CentOS 5 machine, with the "nss_ldap-253-3"
> package.  In summary, it appears nss_ldap is both not automatically
> using the correct port when configured with 'ssl on' *AND* ignoring the
> 'port' directive in /etc/ldap.conf when it is specified directly.
>
This seems to be:
http://bugzilla.padl.com/show_bug.cgi?id=303

It is fixed in nss_ldap-255.

> If I try 'getent passwd' with:
> host pdc01.nighthawkrad.net
> ssl on
>
> It doesn't work.  Further, tcpdump shows the machine trying to contact
> my AD server on port 389 - LDAP w/o SSL.
>
> (This configuration works fine with CentOS 4.4 and its
> "nss_ldap-226-17", I have several machines using it.)
>
>
> If I try 'getent passwd' with:
> host pdc01.nighthawkrad.net
> ssl on
> port 636
>
> It still doesn't work and tcpdump also shows the machine trying to
> contact the AD server via port 389.
>
>
> Finally, if 'getent passwd' with:
> uri ldaps://an.ad.server/
> ssl on
>
> It works as expected (i.e.: I get a list of user account details).
> Tcpdump shows port 636 being used, as it should be.

-- 
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com
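
Added example (not part of the original message and not nss_ldap code): a small Python check for /etc/ldap.conf that flags the configuration pattern reported in this thread, `ssl on` combined with `host` and no `ldaps://` URI. The sample configurations are constructed from the three cases quoted above, and the function names are hypothetical.

```python
# Added example: audit an nss_ldap-style ldap.conf for the pattern in this thread.
# Function names are hypothetical; sample configs are constructed from the thread.

SAMPLES = {
    "host_ssl": "host pdc01.nighthawkrad.net\nssl on\n",
    "host_ssl_port": "host pdc01.nighthawkrad.net\nssl on\nport 636\n",
    "uri_ldaps": "uri ldaps://an.ad.server/\nssl on\n",
}


def parse_ldap_conf(text):
    """Parse 'keyword value' lines into {keyword: [values]}, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0].lower(), []).append(value)
    return conf


def audit(text):
    """Return findings for 'ssl on' + 'host' without an ldaps:// uri."""
    conf = parse_ldap_conf(text)
    ssl_on = any(v.lower() == "on" for v in conf.get("ssl", []))
    uris = [u for v in conf.get("uri", []) for u in v.split()]
    has_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    # Assumption: an ldaps:// uri is the working case described in the thread.
    if not ssl_on or has_ldaps or "host" not in conf:
        return []
    finding = "'ssl on' with 'host' and no ldaps:// uri"
    if "port" in conf:
        finding += " (port %s set, reported as ignored)" % conf["port"][-1]
    finding += ": nss_ldap-253 was reported to connect on port 389"
    return [finding]


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text) or "ok")
```

On a host flagged by this check, a packet capture like the tcpdump run in the report shows which port is actually contacted.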