Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1464463
### Description Replication fails to start with Certificate-Based Client Authentication when FIPS mode is enabled. [23/Jun/2017:17:40:44.077752194 +051800] - DEBUG - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=24202_to_24218" (vm-idm-024:24218) - Replication bind with EXTERNAL auth failed: LDAP error 48 (Inappropriate authentication) (missing client certificate) This occurs because we use a hard-coded internal token name when we attempt SSL Client auth. The issue is that FIPS mode changes the internal token name, and the certificate can not be retrieved from the security database.
Metadata Update from @mreynolds: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1464463
Metadata Update from @mreynolds: - Issue assigned to mreynolds
Metadata Update from @mreynolds: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to review - Custom field type adjusted to None - Custom field version adjusted to None
<img alt="0001-Ticket-49454-SSL-Client-Authentication-breaks-in-FIP.patch" src="/389-ds-base/issue/raw/files/8b1980ae745f8bb53766ea9dc4a0961b8fd10540d54fb11d19b1b4199218218e-0001-Ticket-49454-SSL-Client-Authentication-breaks-in-FIP.patch" />
Seems okay to me. :)
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to ack (was: review)
5493b86..6e794a8 master -> master
f209fea..60f66df 389-ds-base-1.3.7 -> 389-ds-base-1.3.7
Metadata Update from @mreynolds: - Issue set to the milestone: 1.3.7.0 (was: 1.3.6.0)
Metadata Update from @mreynolds: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2513
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Log in to comment on this ticket.