[Pdns-users] TLS issues with LDAP backend on FreeBSD

srinisan at fmailbox.com
Thu Jun 26 21:39:46 UTC 2008


On Jun 26, 2008, at 2:08 PM, Norbert Sendetzky wrote:
>
> Please try "ldapsearch -ZZ ..." as "-Z" only tries to connect using TLS but falls back to normal connections if TLS fails.

-ZZ is also successful.

> It would be also interesting to see your ldap related pdns.conf settings.

The only two things I have are:
launch=ldap
ldap-basedn=ou=hosts,dc=foobar,dc=com

I tried setting the host explicitly to IP address, URI, etc. Didn't help.

>
> Does "netstat -lp" show open connections from your box to the LDAP server?

Yes. Please see below: (Both pdns and slapd are on the same machine.)

# netstat -lp tcp
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  localhost.ldap         localhost.53006        ESTABLISHED
tcp4       0      0  localhost.53006        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.53625        ESTABLISHED
tcp4       0      0  localhost.53625        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.64231        ESTABLISHED
tcp4       0      0  localhost.64231        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.63398        ESTABLISHED
tcp4       0      0  localhost.63398        localhost.ldap         ESTABLISHED


btw, there is another behavior I don't understand, but might help with debugging this issue.
During my successful non-TLS mode operation, I noticed that all my successful dig responses still had the ";; WARNING: recursion requested but not available" message. I noticed on pdns' logs that it was sending that warning to the client every time a successful lookup happened. Maybe this is completely unrelated.

Please let me know if there is anything else you would like me to check.

thanks
