#49454 Replication fails to start with CBCA (Certificate-Based Client Authentication) while FIPS mode is enabled.
Closed: fixed 2 years ago Opened 2 years ago by mreynolds.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1464463

### Description

Replication fails to start with Certificate-Based Client Authentication when FIPS mode is enabled.

[23/Jun/2017:17:40:44.077752194 +051800] - DEBUG - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=24202_to_24218" (vm-idm-024:24218) - Replication bind with EXTERNAL auth failed: LDAP error 48 (Inappropriate authentication) (missing client certificate)

This occurs because we use a hard-coded internal token name when we attempt SSL Client auth.  The issue is that FIPS mode changes the internal token name, and the certificate can not be retrieved from the security database.

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1464463

2 years ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds

2 years ago

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to review
- Custom field type adjusted to None
- Custom field version adjusted to None

2 years ago

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to ack (was: review)

2 years ago

5493b86..6e794a8 master -> master

f209fea..60f66df 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.3.7.0 (was: 1.3.6.0)

2 years ago

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata