Bug 1581737

| Field | Value | Field | Value |
|---|---|---|---|
| Summary | passthrough plugin configured to do starttls does not work. | | |
| Product | Red Hat Enterprise Linux 7 | Reporter | German Parente <gparente> |
| Component | 389-ds-base | Assignee | mreynolds |
| Status | CLOSED ERRATA | QA Contact | RHDS QE <ds-qe-bugs> |
| Severity | urgent | Docs Contact | Marc Muehlfeld <mmuehlfe> |
| Priority | urgent | | |
| Version | 7.7-Alt | CC | aadhikar, arajendr, gparente, mcorr, mreynolds, msauton, nkinder, pasik, rmeggins |
| Target Milestone | rc | Keywords | ZStream |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | 389-ds-base-1.3.8.4-1.el7 | Doc Type | Bug Fix |
| Story Points | --- | | |
| Clone Of | | | |
| : | 1635138 | Environment | |
| Last Closed | 2018-10-30 10:13:48 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | | | |
| Bug Blocks | 1635138 | | |

Doc Text:

The Directory Server *Pass-through* plug-in now supports encrypted connections using the *STARTTLS* command

Previously, the *Pass-through* plug-in in Directory Server did not support encrypted connections if the encryption was started using the *STARTTLS* command. The problem has been fixed, and the *Pass-through* plug-in now supports connections that use the *STARTTLS* command.
Description
German Parente
2018-05-23 14:13:15 UTC
Upstream ticket: https://pagure.io/389-ds-base/issue/49748

Fixed upstream.

Build Tested: 389-ds-base-1.3.8.4-9.el7.x86_64

Note: Target server is the machine on which SSL is configured and source server is the one on which passthrough plugin is configured.

1) Configure passthrough plugin to do starttls:

```
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://<hostname>:<ldap_port>/dc=example,dc=com 3,5,300,3,300,1
```

2) Set nsslapd-pluginEnabled to ON.

3) Restart the source server.

4) Add a user under the suffix "dc=example,dc=com".

5) Add the CA certificate from Target machine to the source.

6) Restart the source server.

Results: (Access log of Target Machine)

```
[07/Aug/2018:19:12:40.815180192 +051800] conn=53 fd=64 slot=64 connection from 10.19.34.94 to 10.65.206.155
[07/Aug/2018:19:12:40.815427962 +051800] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[07/Aug/2018:19:12:40.815608583 +051800] conn=53 op=0 RESULT err=0 tag=120 nentries=0 etime=0.0000319538
[07/Aug/2018:19:12:41.335641674 +051800] conn=53 TLS1.2 256-bit AES-GCM
[07/Aug/2018:19:12:42.169458011 +051800] conn=53 op=1 BIND dn="uid=adam,ou=people,dc=example,dc=com" method=128 version=3
[07/Aug/2018:19:12:42.170164748 +051800] conn=53 op=1 RESULT err=0 tag=97 nentries=0 etime=1.0101292500 dn="uid=adam,ou=people,dc=example,dc=com"
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3127
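The verification above is done by eye: the target's access log must show, on the same connection, the StartTLS extended operation (oid 1.3.6.1.4.1.1466.20037) returning err=0 and a TLS cipher line before the pass-through BIND, otherwise the user's password crossed the wire in cleartext. As an added example (not code from 389-ds-base, from the bug, or from the reporter), the following Python script automates that check over an access log and flags every BIND that was not preceded by a successful StartTLS, including the case where StartTLS was requested but rejected. It also parses an nsslapd-pluginarg0 value using the plug-in's documented positional options (maxconns,maxops,timeout,ldver,connlifetime,startTLS), so the trailing `1` in `3,5,300,3,300,1` is read as the startTLS flag. The host name `authds.example.com` and the log lines for conn=54 and conn=55 are constructed for this example; conn=53 is copied from the results above.

```python
"""Audit a 389-ds access log for pass-through BINDs that were not protected by TLS.

Added example for this bug page, not code from 389-ds-base or from the reporter.
For each connection it tracks: StartTLS EXT request -> RESULT err=0 -> TLS cipher
line, and reports whether each BIND came after all three.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

START_TLS_OID = "1.3.6.1.4.1.1466.20037"

# Documented positional options that follow the URL in nsslapd-pluginarg0.
PTA_FIELDS = ("maxconns", "maxops", "timeout", "ldver", "connlifetime", "starttls")

LINE_RE = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OP_RE = re.compile(r"^op=(?P<op>\d+) (?P<kind>[A-Z]+)(?P<detail>.*)$")
TLS_RE = re.compile(r"^(?:TLS|SSL)\S*\s")  # e.g. "TLS1.2 256-bit AES-GCM"
DN_RE = re.compile(r'dn="([^"]*)"')


def parse_pta_arg(value: str) -> dict:
    """Split '<url> maxconns,maxops,timeout,ldver,connlifetime,startTLS' into a dict."""
    url, _, opts = value.partition(" ")
    nums = [int(x) for x in opts.split(",")] if opts else []
    cfg: dict = {"url": url}
    cfg.update(zip(PTA_FIELDS, nums))
    # The bind to the authenticating server is encrypted only with ldaps:// or startTLS=1.
    cfg["encrypted"] = url.lower().startswith("ldaps://") or cfg.get("starttls") == 1
    return cfg


@dataclass
class _Conn:
    starttls_op: Optional[int] = None  # op number of the StartTLS EXT request
    starttls_ok: bool = False          # RESULT err=0 seen for that op
    tls_up: bool = False               # "conn=N TLS1.2 ..." negotiation line seen


def audit_binds(log_text: str) -> List[dict]:
    """Return one record per BIND: conn, op, dn and whether TLS was established first."""
    conns: Dict[str, _Conn] = {}
    out: List[dict] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        st = conns.setdefault(m["conn"], _Conn())
        rest = m["rest"]
        if TLS_RE.match(rest):
            st.tls_up = True
            continue
        om = OP_RE.match(rest)
        if not om:
            continue  # "fd=.. slot=.. connection from ...", "closed", etc.
        op, kind, detail = int(om["op"]), om["kind"], om["detail"]
        if kind == "EXT" and f'oid="{START_TLS_OID}"' in detail:
            st.starttls_op = op
        elif kind == "RESULT" and op == st.starttls_op:
            st.starttls_ok = re.search(r"\berr=0\b", detail) is not None
        elif kind == "BIND":
            dn = DN_RE.search(detail)
            out.append({"conn": m["conn"], "op": op,
                        "dn": dn.group(1) if dn else "",
                        "tls": st.starttls_ok and st.tls_up})
    return out


def cleartext_binds(log_text: str) -> List[dict]:
    """BINDs whose credentials crossed the wire without TLS."""
    return [r for r in audit_binds(log_text) if not r["tls"]]


# Constructed sample: conn=53 is the bug's own result; conn=54 binds with no StartTLS
# at all; conn=55 binds after a StartTLS request the server answered with a non-zero err.
SAMPLE_LOG = """\
[07/Aug/2018:19:12:40.815180192 +051800] conn=53 fd=64 slot=64 connection from 10.19.34.94 to 10.65.206.155
[07/Aug/2018:19:12:40.815427962 +051800] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[07/Aug/2018:19:12:40.815608583 +051800] conn=53 op=0 RESULT err=0 tag=120 nentries=0 etime=0.0000319538
[07/Aug/2018:19:12:41.335641674 +051800] conn=53 TLS1.2 256-bit AES-GCM
[07/Aug/2018:19:12:42.169458011 +051800] conn=53 op=1 BIND dn="uid=adam,ou=people,dc=example,dc=com" method=128 version=3
[07/Aug/2018:19:12:42.170164748 +051800] conn=53 op=1 RESULT err=0 tag=97 nentries=0 etime=1.0101292500 dn="uid=adam,ou=people,dc=example,dc=com"
[07/Aug/2018:19:13:01.000000000 +051800] conn=54 fd=65 slot=65 connection from 10.19.34.94 to 10.65.206.155
[07/Aug/2018:19:13:01.100000000 +051800] conn=54 op=0 BIND dn="uid=adam,ou=people,dc=example,dc=com" method=128 version=3
[07/Aug/2018:19:13:01.200000000 +051800] conn=54 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0100000000 dn="uid=adam,ou=people,dc=example,dc=com"
[07/Aug/2018:19:14:01.000000000 +051800] conn=55 fd=66 slot=66 connection from 10.19.34.94 to 10.65.206.155
[07/Aug/2018:19:14:01.100000000 +051800] conn=55 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[07/Aug/2018:19:14:01.200000000 +051800] conn=55 op=0 RESULT err=2 tag=120 nentries=0 etime=0.0000100000
[07/Aug/2018:19:14:01.300000000 +051800] conn=55 op=1 BIND dn="uid=adam,ou=people,dc=example,dc=com" method=128 version=3
"""

if __name__ == "__main__":
    # Hypothetical host name; the options are the ones from the bug's LDIF.
    print(parse_pta_arg("ldap://authds.example.com:389/dc=example,dc=com 3,5,300,3,300,1"))
    for r in cleartext_binds(SAMPLE_LOG):
        print(f"CLEARTEXT BIND conn={r['conn']} op={r['op']} dn={r['dn']}")
```

To use it against a real deployment, read the target server's access log (by default under /var/log/dirsrv/slapd-<instance>/access) into `audit_binds`; a configuration that says startTLS=1 but still produces cleartext BIND records on the target is exactly the symptom this bug describes, so the two checks should be run together.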