Re: OpenLDAP client and SSL handshaek

[Jon Dufresne <jon@erezlife.com>]

On Tue, 2012-03-20 at 16:13 -0700, Quanah Gibson-Mount wrote:
> Who built your OpenLDAP?  What SSL software is it linked to?  For example, 
> RHEL platforms tend to use MozNSS.  Debian/Ubuntu use GnuTLS.  Sane OSes 
> use OpenSSL.  From the looks of it, you are using an NSS linked OpenLDAP 
> client.  I suggest you build your own client against OpenSSL.
> 

I am using OpenLDAP as built by Red Hat for RHEL 6.2,
openldap-2.4.23-20.el6.x86_64.

$ ldd /usr/bin/ldapsearch
	linux-vdso.so.1 =>  (0x00007fff8816e000)
	libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x000000391c400000)
	liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x000000391c000000)
	libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003031400000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003026000000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003021c00000)
	libssl3.so => /usr/lib64/libssl3.so (0x000000391b800000)
	libsmime3.so => /usr/lib64/libsmime3.so (0x000000391bc00000)
	libnss3.so => /usr/lib64/libnss3.so (0x000000391b400000)
	libnssutil3.so => /usr/lib64/libnssutil3.so (0x000000305a800000)
	libplds4.so => /lib64/libplds4.so (0x0000003059c00000)
	libplc4.so => /lib64/libplc4.so (0x000000305ac00000)
	libnspr4.so => /lib64/libnspr4.so (0x000000305a000000)
	libc.so.6 => /lib64/libc.so.6 (0x000000301fc00000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000003020000000)
	libfreebl3.so => /lib64/libfreebl3.so (0x0000003025c00000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003020400000)
	libz.so.1 => /lib64/libz.so.1 (0x0000003020c00000)
	/lib64/ld-linux-x86-64.so.2 (0x000000301f800000)

> I suggest you build your own client against OpenSSL.

This is kind of a last resort as I am not maintaining the environment
being used.

Are you aware of known issues with this build configuration connecting
to Oracle?

Jon