Re: SSL/TLS connection on port 389

[Tony Earnshaw <tonni@hetnet.nl>]

Buchan Milne skrev, on 30-01-2008 10:57:

> > > It seems that no matter what you select here, if the port is
> > > 389, it does STARTTLS:
> > >
> > > Jan 29 17:59:16 seaknight slapd[840]: conn=0 fd=15 ACCEPT from
> > > IP=127.0.0.1:53243 (IP=0.0.0.0:389)
> > > Jan 29 17:59:16 seaknight slapd[840]: conn=0 op=0 STARTTLS
> > > Jan 29 17:59:16 seaknight slapd[840]: conn=0 op=0 RESULT oid=
> > > err=0 text= Jan 29 17:59:16 seaknight slapd[840]: conn=0
> > > fd=15 TLS established tls_ssf=256 ssf=256
> > This is encouraging - I guess you are not using the same version of
> > slapd as I am? (I'm using 2.4.7, which apparently has a bug with
> > STARTTLS, at least in Debian it does).
>
> I don't use Debian, and on production platforms I don't use the packages 
> supplied by the distro, but the rebuilds (which are available at 
> http://staff.telkomsa.net/packages/) of the Mandriva package, for which I am 
> the maintainer. The output in my reply was from my Mandriva 2008.0 x86_64, 
> running the 2.3.38 package supplied with the distro. I will try and test the 
> 2.4.7 packages sometime later today.

FWIW your rhl5 src rpm rebuilt on Fedora FC6 has no problems with ldaps, 
ldap starttls or ldapi; it does everything perfectly normally - 
otherwise I'd have reacted negatively far sooner.

[...]

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl