Due to a change in the OpenLDAP client libraries (switching from NSS to OpenSSL), the TLS options LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_KEYFILE, LDAP_OPT_X_TLS_CERTFILE, need to specify path to PEM files.
Those PEM files are extracted from the key/certs from the NSS db in /etc/dirsrv/slapd-xxx
Those files are extracted if the option (under 'cn=config') nsslapd-extract-pemfiles is set to 'on'.
The default value is 'off', that prevent secure outgoing connection.
1.3.7
see related BZ
Metadata Update from @tbordaz: - Custom field component adjusted to None - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1542645 - Custom field type adjusted to None - Custom field version adjusted to None
Metadata Update from @tbordaz: - Issue set to the milestone: 1.3.7.0
<img alt="0001-Ticket-49560-nsslapd-extract-pemfiles-should-be-enab.patch" src="/389-ds-base/issue/raw/files/1b829ef72e917d9aa7614dae2e941f64ba0dee026d8bbffd00de766abfd0c14a-0001-Ticket-49560-nsslapd-extract-pemfiles-should-be-enab.patch" />
Patch looks good to me. ACK+
Metadata Update from @mhonek: - Custom field reviewstatus adjusted to ack (was: None)
ca8f1fd..8304cae master -> master
806de71..b68d3cb 389-ds-base-1.3.7 -> 389-ds-base-1.3.7
commit 73638d6 Author: Simon Pichugin spichugi@redhat.com Date: Tue Feb 20 19:49:35 2018 +0100
Metadata Update from @mhonek: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2619
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.