[Pdns-users] TLS issues with LDAP backend on FreeBSD

Norbert Sendetzky norbert at linuxnetworks.de
Thu Jun 26 21:08:38 UTC 2008


On Thursday 26 June 2008 06:26:08 srinisan at fmailbox.com wrote:
> When TLS is turned on, I can run the regular LDAP client apps
> (ldapsearch, ldapadd, etc.) using the -Z option which forces TLS.
> Also, not using -Z gives me the "Confidentiality Required" error on
> those LDAP clients. So, I know that everything is good with slapd and
> ldap.conf wrt TLS.

Please try "ldapsearch -ZZ ..." as "-Z" only tries to connect using TLS but 
falls back to normal connections if TLS fails.

It would also be interesting to see your LDAP-related pdns.conf settings.

> However, on slapd's logs, I don't see anything about powerdns trying
> to start TLS. I do see a connection rejection by slapd because the
> connection didn't use TLS.

Does "netstat -lp" show open connections from your box to the LDAP server?


Norbert
-- 
OpenPGP public key
http://www.linuxnetworks.de/norbert.pubkey.asc
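
Added example (not part of the original message or of PowerDNS/OpenLDAP): one way to check from slapd's log, assuming the "stats" loglevel, whether a client ever issued StartTLS before being refused with err=13 (confidentiality required). The log lines, addresses and DN below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify slapd connections by whether the client sent the StartTLS
# extended operation (OID 1.3.6.1.4.1.1466.20037) and whether it was
# refused with err=13. Assumes slapd "stats" loglevel output.

# Constructed sample log: conn=1001 upgrades to TLS, conn=1002 binds in clear.
sample_log() {
cat <<'EOF'
Jun 26 10:00:01 ldap slapd[812]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:40112 (IP=0.0.0.0:389)
Jun 26 10:00:01 ldap slapd[812]: conn=1001 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jun 26 10:00:01 ldap slapd[812]: conn=1001 op=0 STARTTLS
Jun 26 10:00:01 ldap slapd[812]: conn=1001 op=0 RESULT oid= err=0 text=
Jun 26 10:00:01 ldap slapd[812]: conn=1001 op=1 BIND dn="cn=reader,dc=example,dc=org" method=128
Jun 26 10:00:01 ldap slapd[812]: conn=1001 op=1 RESULT tag=97 err=0 text=
Jun 26 10:00:05 ldap slapd[812]: conn=1002 fd=13 ACCEPT from IP=192.0.2.20:51544 (IP=0.0.0.0:389)
Jun 26 10:00:05 ldap slapd[812]: conn=1002 op=0 BIND dn="cn=reader,dc=example,dc=org" method=128
Jun 26 10:00:05 ldap slapd[812]: conn=1002 op=0 RESULT tag=97 err=13 text=confidentiality required
Jun 26 10:00:05 ldap slapd[812]: conn=1002 fd=13 closed
EOF
}

# Reads slapd log lines on stdin; prints "<conn> <client> <verdict>" per connection.
classify_conns() {
  awk '
    match($0, /conn=[0-9]+/) {
      id = substr($0, RSTART + 5, RLENGTH - 5)
      if (!(id in seen)) { seen[id] = 1; order[++n] = id }
      # Remember the client address from the ACCEPT line.
      if (match($0, /ACCEPT from IP=[^ ]+/))
        client[id] = substr($0, RSTART + 15, RLENGTH - 15)
      # StartTLS shows up as the extended-op OID and a STARTTLS line.
      if ($0 ~ /oid=1\.3\.6\.1\.4\.1\.1466\.20037/ || $0 ~ / STARTTLS$/)
        tls[id] = 1
      # err=13 is confidentialityRequired.
      if ($0 ~ / RESULT .*err=13 /)
        denied[id] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        id = order[i]
        verdict = tls[id] ? "starttls" : "plaintext"
        if (denied[id]) verdict = verdict "-rejected"
        print id, (client[id] ? client[id] : "-"), verdict
      }
    }'
}
```

A "plaintext-rejected" verdict for the PowerDNS host's address means the backend never sent StartTLS on that connection, which matches the symptom described in the quoted message.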
