389-ds-base

Clone
Source Code
GIT

#49454 Replication fails to start with CBCA (Certificate-Based Client Authentication) while FIPS mode is enabled.
Closed: wontfix 6 years ago Opened 6 years ago by mreynolds.

Closed: wontfix
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1464463

### Description

Replication fails to start with Certificate-Based Client Authentication when FIPS mode is enabled.

[23/Jun/2017:17:40:44.077752194 +051800] - DEBUG - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=24202_to_24218" (vm-idm-024:24218) - Replication bind with EXTERNAL auth failed: LDAP error 48 (Inappropriate authentication) (missing client certificate)

This occurs because we use a hard-coded internal token name when we attempt SSL Client auth.  The issue is that FIPS mode changes the internal token name, and the certificate can not be retrieved from the security database.

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1464463
6 years ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
6 years ago

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to review
- Custom field type adjusted to None
- Custom field version adjusted to None
6 years ago

Seems okay to me. :)

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to ack (was: review)
6 years ago

5493b86..6e794a8 master -> master

f209fea..60f66df 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.3.7.0 (was: 1.3.6.0)
6 years ago

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2513

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
ack
None
Attachments 1
0001-Ticket-49454-SSL-Client-Authentication-breaks...
Attached 6 years ago View Comment
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.