[Pdns-users] TLS issues with LDAP backend on FreeBSD
srinisan at fmailbox.com
Thu Jun 26 04:26:08 UTC 2008
I'd appreciate any help anyone can offer.
My environment:
FreeBSD 7.0
OpenLDAP 2.4 server and clients (built using FreeBSD ports)
PowerDNS 2.9.21 (built using FreeBSD ports)
What works:
PowerDNS correctly serves up the names in its domain by looking up via
LDAP. No problem.
What doesn't work:
Changing the configuration to use TLS breaks PowerDNS's ability to query
via LDAP.
Why I suspect the PowerDNS LDAP backend:
When TLS is turned on, I can run the regular LDAP client apps
(ldapsearch, ldapadd, etc.) using the -Z option which forces TLS.
Also, not using -Z gives me the "Confidentiality Required" error on
those LDAP clients. So, I know that everything is good with slapd and
ldap.conf wrt TLS.
I have set "ldap-starttls=yes" in pdns.conf. But, when I do a name
lookup, it fails saying "recursion requested but not available".
I have turned on logging on slapd and powerdns.
PowerDNS prints all happy messages about being able to connect to LDAP
server ports, etc. The only unhappy message is the "recursion not
available" message when a request comes in.
However, on slapd's logs, I don't see anything about powerdns trying
to start TLS. I do see a connection rejection by slapd because the
connection didn't use TLS.
What am I doing wrong? Any help will be greatly appreciated.
Thanks
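The check the poster did by eye in slapd's logs (did a given connection ever reach "TLS established" before it issued a BIND or SRCH, and was it then rejected with confidentialityRequired) can be done mechanically over a slapd stats log. This is an added example, not code from the original mail or from PowerDNS/OpenLDAP; the sample log lines are constructed, modelled on slapd's conn=/op= stats format, and the DNs and filter are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample of slapd stats-level log lines (not from the original post).
# conn=1000 starts TLS before binding; conn=1001 binds in cleartext and is
# rejected with err=13 (LDAP confidentialityRequired), which is what the poster
# saw when PowerDNS connected without starting TLS.
SAMPLE_SLAPD_LOG = """\
conn=1000 fd=12 ACCEPT from IP=127.0.0.1:51234 (IP=0.0.0.0:389)
conn=1000 op=0 STARTTLS
conn=1000 op=0 RESULT oid= err=0 text=
conn=1000 fd=12 TLS established tls_ssf=256 ssf=256
conn=1000 op=1 BIND dn="cn=pdns,dc=example,dc=com" method=128
conn=1000 op=1 RESULT tag=97 err=0 text=
conn=1000 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(associatedDomain=www.example.com)"
conn=1001 fd=13 ACCEPT from IP=127.0.0.1:51240 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="cn=pdns,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=13 text=TLS confidentiality required
conn=1001 fd=13 closed
"""

# conn=<id> followed by either fd=<n> or op=<n>, then the rest of the event.
LINE_RE = re.compile(r"^conn=(\d+)\s+(?:fd=\d+|op=\d+)\s+(.*)$")


def audit_tls(log_text):
    """Per connection: did TLS get established, which BIND/SRCH ops ran in
    cleartext before that, and was the connection rejected with err=13."""
    conns = defaultdict(lambda: {"tls": False, "cleartext_ops": [], "rejected": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        cid, event = m.group(1), m.group(2)
        state = conns[cid]
        if event.startswith("TLS established"):
            state["tls"] = True
        elif event.startswith(("BIND ", "SRCH ")) and not state["tls"]:
            state["cleartext_ops"].append(event.split(" ", 1)[0])
        elif "err=13" in event:  # LDAP result code 13 = confidentialityRequired
            state["rejected"] = True
    return dict(conns)


def connections_without_tls(log_text):
    """Connection ids that issued BIND/SRCH without a prior TLS handshake."""
    return sorted(cid for cid, s in audit_tls(log_text).items() if s["cleartext_ops"])
```

Run it over a real slapd log (loglevel including stats) to confirm whether the backend's connections ever show a STARTTLS/"TLS established" pair before their first BIND.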