Bug 1247675

Summary: slapd will not work properly after upgrading to RHEL 6.7
Product: Red Hat Enterprise Linux 6 Reporter: sebastian.luna.valero
Component: openldapAssignee: Matus Honek <mhonek>
Status: CLOSED NEXTRELEASE QA Contact: Patrik Kis <pkis>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.7CC: ebenes, mhonek, nkinder, pkis, sebastian.luna.valero
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-05 12:41:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1249092    
Bug Blocks:    

Description sebastian.luna.valero 2015-07-28 15:17:08 UTC 
Description of problem:
Did "yum update" to update OpenLDAP server from RHEL 6.6 to RHEL 6.7 and after the update the OpenLDAP server was not working.

Version-Release number of selected component (if applicable):
Updating from:
RHEL 6.6, OpenLDAP 2.4.39

to:RHEL 6.7 and, OpenLDAP 2.4.40

How reproducible:
Always

Steps to Reproduce:
1. yum update on the OpenLDAP server with RHEL 6.6

Additional info:
My solution was to revert back the server to RHEL 6.6 and OpenLDAP 2.4.39.

It might be related to this:
https://bugzilla.redhat.com/show_bug.cgi?id=1160467

and a configuration problem on my end. I am using slapd.conf with:
TLSProtocolMin 3.1
TLSCipherSuite HIGH

Please let me know if you need further information.
Comment 2 Jan Synacek 2015-07-29 07:34:58 UTC 
If you require TLS1.1 to be used, your configuration should only set TLSProtocolMin:

TLSProtocolMin 3.2

See slapd-config(5), option olcTLSProtocolMin.
Comment 3 sebastian.luna.valero 2015-08-05 12:51:43 UTC 
Thanks!

I will try that. However, just to let you know that I was following Red Hat resolution for POODLE vulnerability as explained here:
https://access.redhat.com/solutions/1234843

So slapd should still work properly after upgrading, is that right?
Comment 9 Matus Honek 2016-08-05 12:41:11 UTC 
This bug should be resolved with resolving bug 1249092. Thus closing as NEXTRELEASE.