Hello,
We are facing an issue in one of our openldap environments, while
enabling secure queries via ldaps:// our integration environment keeps
returning the following error to out ldapsearch command:
SSL3_READ_BYTES:sslv3 alert bad record mac
while the same command pointing to our production environment connects
correctly and returns matching entries.
Both run under the following versions:
Red Hat Enterprise Linux Server release 6.2 (Santiago)
OpenLDAP: slapd 2.4.23
OpenSSL 1.0.0-fips
2.4.23 is over 4 years old. In addition, the build supplied by RHEL if that's what you're using) is linked to NSS, not OpenSSL, and has a number of RHEL specific problems. I'd strongly advise upgrading to a current release and an OpenSSL linked OpenLDAP.
I would also note there were series kernel issues in the 6.2 patch level (At Zimbra, we require patch level 4 or later due to various issues with RHEL6 at the previous levels).
--Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration