#48756 if startTLS is enabled, perl utilities fail to start.
Closed: wontfix None Opened 4 years ago by nhosoi.

{{{
# db2ldif.pl -r -Z test -n userRoot
Exporting to ldif file: /var/lib/dirsrv/slapd-test/ldif/test-userRoot-2016_3_4_17_55_11.ldif
ldap_start_tls: Connect error (-11)
    additional info: Start TLS request accepted.Server willing to negotiate SSL.
Failed to add task entry "cn=export_2016_3_4_17_55_11, cn=export, cn=tasks, cn=config" error (1)
}}}

Hi Mark, please help me... :)

In my first attempt above, I did not put the -P option. This time I added it, but my perl script still does not work...
{{{

db2ldif.pl -Z slapd-test -n userRoot -P STARTTLS

Exporting to ldif file: /var/lib/dirsrv/slapd-test/ldif/test-userRoot-2016_3_11_17_29_5.ldif
ldap_start_tls: Connect error (-11)
additional info: Start TLS request accepted.Server willing to negotiate SSL.
Failed to add task entry "cn=export_2016_3_11_17_29_5, cn=export, cn=tasks, cn=config" error (1)
}}}
This is the access log:
{{{
[..] conn=6 fd=64 slot=64 connection from ::1 to ::1
[..] conn=6 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[..] conn=6 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[..] conn=6 op=-1 fd=64 closed - Encountered end of file.
}}}
I added -D 'cn=directory manager' -w -, and provided the DM password, but the result was the same... (The bind user does not matter in this case...)

Please note that the certs are ok.
{{{

/usr/lib64/mozldap/ldapsearch -h localhost -p 40391 -D 'cn=directory manager' -W -b "" -s base -ZZ "(objectclass=*)" dn

dn:

/usr/lib64/mozldap/ldapsearch -h localhost -p 40637 -D 'cn=directory manager' -W -b "" -s base -Z "(objectclass=*)" dn

dn:
}}}
Please note that I'm having the problem on the build from the master branch. And db2ldif.pl works just fine against the server without SSL/startTLS configured...

What would I be missing? Thanks for your help!

It turned out my locally built ldapmodify in /usr/local/bin was called and failed due to the lack of a TLS_CACERT file.

This fix should be part of the ticket 47536. Closing this ticket as a dup of 47536.
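A diagnostic sketch for the root cause described above, added here as an example and not taken from the ticket or from 389-ds-base: it lists every `ldapmodify` on a given PATH in lookup order, so a shadowing copy shows up, and checks that an ldap.conf-style file names a readable `TLS_CACERT`. The function names and the configuration path in the usage line are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of the ticket or of 389-ds-base.
# Usage (paths are assumptions; adjust to the build being checked):
#   diagnose ldapmodify "$PATH" /etc/openldap/ldap.conf

# Print every executable file named $1 on the colon-separated path $2,
# in lookup order. The first line is the binary a script would run.
find_on_path() (
    name=$1
    set -f                          # do not glob-expand path elements
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # an empty element means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
)

# Print the CA file named by TLS_CACERT in the ldap.conf-style file $1.
# Returns 1 if the file is unreadable, has no TLS_CACERT line, or names a
# CA file that cannot be read. If the option is repeated, this sketch takes
# the last occurrence (an assumption). Paths with spaces are not handled.
cacert_from_conf() (
    [ -r "$1" ] || exit 1
    ca=$(awk 'toupper($1) == "TLS_CACERT" { f = $2 } END { print f }' "$1")
    [ -n "$ca" ] && [ -r "$ca" ] || exit 1
    printf '%s\n' "$ca"
)

# Report which binary wins, which copies it shadows, and the CA status.
# Exit status: 0 = CA file found, 1 = no usable CA file, 2 = binary not found.
diagnose() (
    hits=$(find_on_path "$1" "$2")
    [ -n "$hits" ] || { echo "$1: not found on the given PATH"; exit 2; }
    echo "$hits" | awk 'NR == 1 { print "runs:     " $0; next }
                               { print "shadowed: " $0 }'
    if ca=$(cacert_from_conf "$3"); then
        echo "CA file:  $ca"
    else
        echo "CA file:  none readable via $3"
        exit 1
    fi
)
```

OpenLDAP clients can also take this setting from the `LDAPTLS_CACERT` environment variable or a per-user `ldaprc`; the sketch checks only the one file it is given.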

Metadata Update from @nhosoi:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

4 years ago

Metadata Update from @vashirov:
- Issue set to the milestone: None (was: 0.0 NEEDS_TRIAGE)

a year ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1816

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Duplicate)

5 months ago
