Bug 292611
| Summary: | SSL test in ldap start script is bogus | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Engelhardt <jengelh> |
| Component: | openldap | Assignee: | Jan Safranek <jsafrane> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openldap-2.3.38-2.fc8 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-09-18 11:08:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
fixed as you suggested - see SLAPD_LDAPS in /etc/sysconfig/ldap |
Description of problem: In /etc/init.d/ldap the SSL test is bogus: if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then harg="$harg ldaps:///" fi TLS is *not* SSL and instead runs over ldap:/// or ldapi:///. As such, TLS presence should not implicitly activate ldaps! Fix: if [ "$SLAPD_LDAPS" == yes ]; then harg="$harg ldaps:///"; fi; Version-Release number of selected component (if applicable): openldap-servers-2.3.38-1.fc8.i386.rpm Dates back to at least FC6 where I found the bug too.