[Pdns-users] TLS issues with LDAP backend on FreeBSD

srinisan at fmailbox.com srinisan at fmailbox.com
Thu Jun 26 21:50:28 UTC 2008


Sorry, I forgot one more thing I have in pdns.conf.
ldap-starttls=yes

On Jun 26, 2008, at 2:39 PM, srinisan at fmailbox.com wrote:

> On Jun 26, 2008, at 2:08 PM, Norbert Sendetzky wrote:
>>
>> Please try "ldapsearch -ZZ ..." as "-Z" only tries to connect using TLS but
>> falls back to normal connections if TLS fails.
>
> -ZZ is also successful.
>
>> It would be also interesting to see your ldap related pdns.conf  
>> settings.
>
> The only two things I have are:
> launch=ldap
> ldap-basedn=ou=hosts,dc=foobar,dc=com
>
> I tried setting the host explicitly to IP address, URI, etc. Didn't  
> help.
>
>>
>> Does "netstat -lp" show open connections from your box to the LDAP
>> server?
>
> Yes. Please see below: (Both pdns and slapd are on the same machine.)
>
> # netstat -lp tcp
> Active Internet connections
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp4       0      0  localhost.ldap         localhost.53006        ESTABLISHED
> tcp4       0      0  localhost.53006        localhost.ldap         ESTABLISHED
> tcp4       0      0  localhost.ldap         localhost.53625        ESTABLISHED
> tcp4       0      0  localhost.53625        localhost.ldap         ESTABLISHED
> tcp4       0      0  localhost.ldap         localhost.64231        ESTABLISHED
> tcp4       0      0  localhost.64231        localhost.ldap         ESTABLISHED
> tcp4       0      0  localhost.ldap         localhost.63398        ESTABLISHED
> tcp4       0      0  localhost.63398        localhost.ldap         ESTABLISHED
>
>
> btw, there is another behavior I don't understand, but might help  
> with debugging this issue.
> During my successful non-TLS mode operation, I noticed that all my  
> successful dig responses still had the ";; WARNING: recursion  
> requested but not available" message. I noticed on pdns' logs that  
> it was sending that warning to the client every time a successful  
> lookup happened. Maybe this is completely unrelated.
>
> Please let me know if there is anything else you would like me to  
> check.
>
> thanks
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
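Added example, not part of this thread or of PowerDNS itself: a small Python checker that reads the two artefacts the thread asks for, the ldap-related pdns.conf settings and the BSD netstat table, and reports whether the LDAP backend is launched with StartTLS required and how many client sessions to slapd are currently established. The sample inputs are constructed from the values quoted above; the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample inputs, mirroring the settings and netstat rows quoted in the thread.
SAMPLE_PDNS_CONF = """\
launch=ldap
ldap-basedn=ou=hosts,dc=foobar,dc=com
ldap-starttls=yes
"""

SAMPLE_NETSTAT = """\
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  localhost.ldap         localhost.53006        ESTABLISHED
tcp4       0      0  localhost.53006        localhost.ldap         ESTABLISHED
tcp4       0      0  localhost.ldap         localhost.53625        ESTABLISHED
tcp4       0      0  localhost.53625        localhost.ldap         ESTABLISHED
"""


def parse_pdns_conf(text: str) -> Dict[str, str]:
    """Parse key=value lines of a pdns.conf, ignoring blank lines and '#' comments."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def ldap_backend_status(settings: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (ok, findings) for the LDAP backend settings.

    ok is False when the backend is not launched, when ldap-starttls is not
    enabled (binds would go over the wire in clear text) or when no base DN is set.
    """
    findings: List[str] = []
    backends = [b.strip() for b in settings.get("launch", "").split(",")]
    if "ldap" not in backends:
        findings.append("ldap backend not launched")
        return False, findings
    if settings.get("ldap-starttls", "no").lower() not in ("yes", "1", "true"):
        findings.append("ldap-starttls not enabled: binds to LDAP go in clear text")
    if "ldap-basedn" not in settings:
        findings.append("ldap-basedn missing")
    return not findings, findings


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """Parse the BSD 'netstat -p tcp' table into rows; the state column is optional."""
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner and header lines; data rows start with tcp4/tcp6/udp...
        if len(fields) < 5 or not re.match(r"^(tcp|udp)", fields[0]):
            continue
        rows.append({
            "proto": fields[0],
            "local": fields[3],
            "foreign": fields[4],
            "state": fields[5] if len(fields) > 5 else "",
        })
    return rows


def established_ldap_sessions(rows: List[Dict[str, str]], service: str = "ldap") -> int:
    """Count ESTABLISHED connections whose local side is the LDAP service port.

    On a box where pdns and slapd share a host every session shows up twice
    (server side and client side); counting only the rows whose local address
    ends in the service name yields one entry per client session to slapd.
    """
    return sum(
        1 for r in rows
        if r["state"] == "ESTABLISHED" and r["local"].rsplit(".", 1)[-1] == service
    )


if __name__ == "__main__":
    ok, findings = ldap_backend_status(parse_pdns_conf(SAMPLE_PDNS_CONF))
    print("config ok" if ok else "config findings: " + "; ".join(findings))
    print("sessions to slapd:", established_ldap_sessions(parse_netstat(SAMPLE_NETSTAT)))
```

On the thread's own configuration the checker reports the config as fine and two slapd sessions from the constructed table; dropping ldap-starttls=yes turns the result into a finding, which is the setting that decides whether the pdns to slapd hop is encrypted at all.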