Re: [nssldap] Possible bug in nss_ldap v253 using SSL ?

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "Joshua M. Miller" <joshua [at] itsecureadmin.com>
To: Christopher Smith <csmith [at] nighthawkrad.net>
Cc: nssldap [at] padl.com
Subject: Re: [nssldap] Possible bug in nss_ldap v253 using SSL ?
Date: Tue, 08 May 2007 06:16:32 -0700

Isn't the host directive deprecated in favor of URI anyway?

Thanks,
--
Joshua M. Miller - RHCE,VCP


Christopher Smith wrote:

This is happening on a new CentOS 5 machine, with the "nss_ldap-253-3"package. In summary, it appears nss_ldap is both not automaticallyusing the correct port when configured with 'ssl on' *AND* ignoring the'port' directive in /etc/ldap.conf when it is specified directly.
If I try 'getent passwd' with:
host pdc01.nighthawkrad.net
ssl on
It doesn't work. Further, tcpdump shows the machine trying to contactmy AD server on port 389 - LDAP w/o SSL.
(This configuration works fine with CentOS 4.4 and its"nss_ldap-226-17", I have several machines using it.)
If I try 'getent passwd' with:
host pdc01.nighthawkrad.net
ssl on
port 636
It still doesn't work and tcpdump also shows the machine trying tocontact the AD server via port 389.
Finally, if 'getent passwd' with:
uri ldaps://an.ad.server/
ssl on
It works as expected (ie: I get a list of user account details). Tcpdumpshows port 636 being used, as it should be.

Re: [nssldap] Possible bug in nss_ldap v253 using SSL ?, Joshua M. Miller

Next by Date: RE: [nssldap] Solaris 10 update 5 - nss_ldap makes nscd dump core
Next by thread: RE: [nssldap] Solaris 10 update 5 - nss_ldap makes nscd dump core